-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
rfaircloth-splunk
committed
Dec 12, 2019
1 parent
df88021
commit 1233911
Showing
6 changed files
with
106 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # Vendor - Nix Generic | ||
|
|
||
| ## Product - All Products | ||
|
|
||
| Many appliance vendor utilize Linux and BSD distributions as the foundation of the solution when configured to provide | ||
| syslog output these devices can be monitored using the common Splunk Nix TA | ||
|
|
||
|
|
||
| | Ref | Link | | ||
| |----------------|---------------------------------------------------------------------------------------------------------| | ||
| | Splunk Add-on | https://splunkbase.splunk.com/app/833/ | | ||
|
|
||
|
|
||
| ### Sourcetypes | ||
|
|
||
| | sourcetype | notes | | ||
| |----------------|---------------------------------------------------------------------------------------------------------| | ||
| | nix:syslog | None | | ||
|
|
||
| ### Sourcetype and Index Configuration | ||
|
|
||
| | key | sourcetype | index | notes | | ||
| |----------------|----------------|----------------|----------------| | ||
| | nix_syslog | nix:syslog | osnix | none | | ||
|
|
||
|
|
||
| ### Filter type | ||
|
|
||
| MSG Parse: This filter parses message content | ||
|
|
||
| ### Setup and Configuration | ||
|
|
||
| * Install the Splunk Add-on on the search head(s) for the user communities interested in this data source. If SC4S is exclusively used the addon is not required on the indexer. | ||
| * Review and update the splunk_index.csv file and set the index and sourcetype as required for the data source. | ||
|
|
||
|
|
||
| ### Options | ||
|
|
||
| | Variable | default | description | | ||
| |----------------|----------------|----------------| | ||
| | SC4S_ARCHIVE_NIX_SYSLOG | no | Enable archive to disk for this specific source | | ||
| | SC4S_DEST_NIX_SYSLOG_HEC | no | When Splunk HEC is disabled globally set to yes to enable this specific source | | ||
|
|
||
| ### Verification | ||
|
|
||
| An active proxy will generate frequent events. Use the following search to validate events are present per source device | ||
|
|
||
| ``` | ||
| index=osnix sourcetype=nix:syslog | stats count by host | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters