Getting Data In

Stormshield firewall logs identified as Unix OS - SC4S

corti77
Contributor

Hi,

I just deployed the latest version 2 of SC4S and I sent syslog events from our firewall Stormshield. I checked and I didn't see a specific source for this firewall brand

The box is capable of sending logs in the format RFC5424, UDP/514.

I did not configure a custom filter for it and the logs are automatically recognized as UNIX OS syslog events which is wrong, they are indexed in the osnix instead of netfw.

I would like to create a filter based on the source host but I don't find any examples in the official github documentation. 

for version 1 there is some but I am not sure if it applies to version 2.

https://splunk.github.io/splunk-connect-for-syslog/1.110.1/configuration/#override-index-or-metadata...

any suggestion?

many thanks

 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...