It can ingest W3C-compliant log files generated by standard logging as well as advanced logging in IIS. I have followed the implementation as per the documentation and can see the EPO query builds the timestamp properly at the beginning of the log, but for some reason the indexer is not picking up the appropriate timestamp of the event. This app integrates with McAfee Web Gateway to perform contain and correct actions for maintaining lists. The Splunk Add-on for Microsoft IIS allows a Splunk software administrator to collect Web site activity data in the W3C log file format from Microsoft IIS servers. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Download the Splunk Add-on for McAfee ePO Syslog from Splunkbase.

For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for McAfee ePO Syslog.

For information about installing and configuring the Splunk Add-on for McAfee, see Install the Splunk Add-on for McAfee ePO Syslog. Timestamp Issue with Splunk Add-on for McAfee. You can then directly analyze the data or use it as a contextual data feed to correlate with other security data in Splunk. The Splunk Add-on for McAfee NSP will allow a Splunk software administrator to collect Alert events, Audit Events, Firewall Access Events and Fault Events. The Splunk Add-on for McAfee ePO Syslog provides the index-time and search-time knowledge for intrusion prevention and malware scan data from the following formats. The Splunk Add-on for McAfee ePO Syslog lets a Splunk Enterprise administrator collect anti-virus information via Syslog.

Splunk Add-on for McAfee ePO Syslog Version