Getting Data In

Stormshield firewall logs identified as Unix OS - SC4S

corti77
Contributor

Hi,

I just deployed the latest version 2 of SC4S and I sent syslog events from our firewall Stormshield. I checked and I didn't see a specific source for this firewall brand

The box is capable of sending logs in the format RFC5424, UDP/514.

I did not configure a custom filter for it and the logs are automatically recognized as UNIX OS syslog events which is wrong, they are indexed in the osnix instead of netfw.

I would like to create a filter based on the source host but I don't find any examples in the official github documentation. 

for version 1 there is some but I am not sure if it applies to version 2.

https://splunk.github.io/splunk-connect-for-syslog/1.110.1/configuration/#override-index-or-metadata...

any suggestion?

many thanks

 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...