Request: Please send me sample logs which I can test with! Some redacted sample logs I have collected are in the samples directory.

Overview Push Notifications over McAfee OpenDXL Supported Actions Version 1.1.2 test connectivity: Validate the asset configuration for DXL connectivity.

I don't use all features of McAfee Email Gateway, and as such not all fields are mapped, as I cannot test them.

Download the Splunk Add-on for McAfee ePO Syslog from Splunkbase. It can ingest W3C-compliant log files generated by standard logging as well as advanced logging in IIS. Splunk Add-on for McAfee ePO Syslog works with Splunk Connect for Syslog, which provides a number of benefits over the legacy database integration. The Splunk Add-on for Microsoft IIS allows a Splunk software administrator to collect Web site activity data in the W3C log file format from Microsoft IIS servers. For best results, you should deploy and use the new Splunk Add-on for McAfee ePO Syslog.

If you run an alternative or custom format, send me a sample and I will support that in the next release (which will be accelerated). Because of the many formats supported, the props and transforms are a little bit spaghetti and not 100% consistent.

Splunk Add-on for McAfee is no longer supported.

I strongly recommend the "splunk log format" as it is the most tested. As of version 0.0.1 it supports the "splunk log format", and then the "CEF log format". TA-meg will attempt to support EVERY format provided by McAfee Email Gateway. McAfee Email Gateway has the ability to push logs out in a large number of formats. TA-meg expects incoming data to be of sourcetype=meg.

This is a Splunk Technology Adapter for McAfee Email Gateway (referred to as meg in the rest of this document); the nomenclature has changed in recent releases, and it is now called a "splunk add-on".
This application is under the following license:

This application is primarily supported via the following relevant links:

This TA attempts to accept ALL McAfee Email Gateway file formats.

Supports all tested versions of Splunk (tested up to 6.6.1).