Merge pull request #431 from splunk/mcafee/add_context
Add context entry for mcafee
Ryan Faircloth authored and GitHub committed May 4, 2020
2 parents 40aaace + 52f5cfa commit 60815c1
Showing 2 changed files with 2 additions and 7 deletions.
8 changes: 1 addition & 7 deletions package/etc/conf.d/log_paths/lp-mcafee_epo.conf.tmpl
Expand Up @@ -24,17 +24,11 @@ log {

rewrite {
set("mcafee_epo", value("fields.sc4s_vendor_product"));
r_set_splunk_dest_default(sourcetype("mcafee:epo:syslog"), index("epav"))
};
rewrite { r_set_splunk_dest_default(sourcetype("mcafee:epo:syslog"), index("epav")) };
parser {p_add_context_splunk(key("mcafee_epo")); };


parser (compliance_meta_by_source);


#We want to unset the fields we won't need, as this is copied into the
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite { set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG")); };

{{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_MCAFEE_EPO_STRUCTURED_HEC" "no")) }}
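Review bot: The new `parser {p_add_context_splunk(key("mcafee_epo")); };` line only works if the key string matches the first column of the context CSV byte-for-byte (the second file adds `#mcafee_epo,index,epav`), and nothing in the template records that coupling; a comment above the parser line such as `# key must match the vendor_product column in context_templates/splunk_index.csv` would make the dependency visible to whoever next edits either file. The rendered page has lost the +/- markers, but the multi-line rewrite that did `set("mcafee_epo", value("fields.sc4s_vendor_product"))` appears to be the removed side; if p_add_context_splunk does not itself populate `fields.sc4s_vendor_product`, any later stage that reads it (possibly `parser (compliance_meta_by_source);`) would now see it empty, which is worth confirming. The enclosing `log { ... }` block starts and ends outside the hunk.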
1 change: 1 addition & 0 deletions package/etc/context_templates/splunk_index.csv.example
Expand Up @@ -52,6 +52,7 @@
#juniper_nsm,index,netfw
#juniper_nsm_idp,index,netids
#juniper_legacy,index,netops
#mcafee_epo,index,epav
#nix_syslog,index,osnix
#pan_traffic,index,netfw
#pan_threat,index,netproxy