On Friday, August 3, 2018 at 11:09:03 AM UTC+5:30, prabinku...@gmail.com wrote:
How to connect OSS files to Splunk? Any PAX available from HP? Please suggest.
Basically, through Splunk I wanted to monitor our application log; the application log is present in the Guardian environment. Currently the logs are present in SQL tables for only 5 mins before they go to the next system, and the SQL table gets wiped off every 5 mins.
What I am thinking: if I could tweak my application program to log data into an OSS file additionally, and somehow Splunk can monitor the OSS file, that will serve my purpose.
(In OSS, I can create new files depending on the size of the files filled from log data; that I can control.)
On Sunday, August 5, 2018 at 11:46:43 PM UTC-4, prabinku...@gmail.com wrote:
On Monday, August 6, 2018 at 9:31:00 PM UTC+7, Rob Lesan wrote:
Have you looked at using XYGATE Merged Audit for this? It can accept a lot of different types of log data and can forward it to Splunk in syslog format with key/value pairs that you can configure.
Ping me if you need more information on this (rob.lesan at xypro.com)
On Monday, November 9, 2020 at 3:23:24 AM UTC-5, Aditya Pratomo wrote:
Can you help me with how to connect XYGATE MA to Splunk? Now my config is XYGATE MA to ArcSight. XYGATE MA only has 2 filters, LAFARC and LAFRSA (LAFARC: ArcSight Log Adapter Filters - Version 1.2; LAFRSA: RSA enVision Log Adapter Filters - Version 1.18). Thank you for helping me.
You can use the LAFARC filters to send to Splunk. LAFARC formats the data in CEF (Common Event Format) that Splunk will accept.
If you want to modify the payload, you can make a copy of the LAFARC file and use a #INCLUDE statement in your FILTERS file to include the additional formatting.
Here is what the bottom of my FILTERS file looks like:
! Begin ArcSight Log Adapter Filters - Version 1.22
#DEFINE ^ARC_STATUS ACTIVE
#DEFINE_BEGIN ^ARC_ACTIONTYPE
ACTIONTYPE SYSLOGQ
IPALERT_MSGDELIMITER CR
#DEFINE_END
#DEFINE_BEGIN ^ARC_ROUTING
IPALERT_ADDRESS 10.1.1.1
IPALERT_PORT 27169
IPALERT_IPPROCESS $ZTC0
#DEFINE_END
#INCLUDE $FOO.BAR.LAFARC
! End ARCSight Log Adapter Filters
! Begin Splunk Log Adapter Filters - Version 1.22
#DEFINE ^SPLUNK_STATUS ACTIVE
#DEFINE_BEGIN ^SPLUNK_ACTIONTYPE
ACTIONTYPE SYSLOGQ
IPALERT_MSGDELIMITER CR
#DEFINE_END
#DEFINE_BEGIN ^SPLUNK_ROUTING
IPALERT_ADDRESS 10.1.1.2
IPALERT_PORT 27110
IPALERT_IPPROCESS $ZTC0
#DEFINE_END
#INCLUDE $FOO.BAR.LAFSPLNK
! End Splunk Log Adapter Filters
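A parser for the CEF payload that LAFARC-style filters put on a CR-delimited syslog feed, useful for checking what the IPALERT target actually receives before pointing Splunk at it. This is an added example, not XYGATE MA or Splunk code; the sample records, host names, users and field values in it are constructed.

```python
"""Parse CEF records from a CR-delimited syslog feed (IPALERT_MSGDELIMITER CR).
Added example, not XYGATE MA or Splunk code; SAMPLE_STREAM is constructed."""
import re

# Constructed sample: two syslog-wrapped CEF records, each terminated by CR.
SAMPLE_STREAM = (
    "<134>Nov  9 03:23:24 nsk01 CEF:0|Vendor|Product|1.0|100|Logon|3|"
    "suser=alice src=10.1.1.5 msg=User logon via Safeguard\r"
    "<134>Nov  9 03:24:01 nsk01 CEF:0|Vendor|Product|1.0|101|File \\| Access|5|"
    "suser=bob fname=$DATA.APP.LOG1 msg=key\\=value\\\\escaped\r"
)
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # unescaped key= tokens
_EXT_ESC = {"n": "\n", "r": "\r"}                    # any other \x yields x

def _split_header(text):
    """Split the 7 header fields on unescaped '|' (unescaping \\| and \\\\);
    the 8th element is the extension, returned raw so its own escapes survive."""
    fields, buf, i = [], [], 0
    while i < len(text):
        if len(fields) == 7:
            buf.append(text[i:]); break
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            buf.append(text[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(c)
        i += 1
    fields.append("".join(buf))
    return fields

def _parse_extension(ext):
    """Extension is 'key=value' pairs; '=' inside values must be escaped as \\=."""
    keys, out = list(_EXT_KEY.finditer(ext)), {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: _EXT_ESC.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(record):
    """Return header fields, syslog prefix and extension dict; ValueError if malformed."""
    start = record.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in record")
    parts = _split_header(record[start + 4:])
    if len(parts) != 8:
        raise ValueError("expected 7 '|'-separated header fields before the extension")
    event = dict(zip(HEADER_FIELDS, parts[:7]))
    event["syslog_prefix"] = record[:start].strip()
    event["extension"] = _parse_extension(parts[7])
    return event

def parse_stream(stream, delimiter="\r"):
    """Split a delimiter-terminated feed into parsed events, skipping empty records."""
    return [parse_cef(r) for r in stream.split(delimiter) if r.strip()]
```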