Re: Syslog processing from cisco switches to Splunk

Hi An example message is: <190>2155664: Oct 18 11:54:58: %SEC-6-IPACCESSLOGP: list inbound-to-zzz denied tcp 192.168.0.1(12345) -> 192.168.10.1(443), 1 packet Many thanksDave On Thursday, 19 October 2017, 14:37, Bryan Bende wrote: If you can provide an example message

Re: Syslog processing from cisco switches to Splunk

If you can provide an example message we can try to see why ListenSyslog says it is invalid. I'm not sure that will solve the issue, but would give you something else to try. On Thu, Oct 19, 2017 at 8:38 AM, Andrew Psaltis wrote: > Dave, > To clarify you are using the

Re: Syslog processing from cisco switches to Splunk

Dave, To clarify you are using the PutUDP processor, not the PutSplunk processor? On Thu, Oct 19, 2017 at 7:31 AM, DAVID SMITH wrote: > Hi > We are trying to do something which on the face of it seems fairly simple > but will not work.We have a cisco switch which is

Syslog processing from cisco switches to Splunk

Hi We are trying to do something which on the face of it seems fairly simple but will not work.We have a cisco switch which is producing syslogs, normally we use zoneranger to send them to Splunk and the records are shown.However we want to do a bit of content routing, so we are using NiFi