This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2012-01-30 11:25 AM

How to receive log, forwarded by SPLUNK?

I am able to forward log from SPLUNK to another syslog server. From envision side, I don't know how to receive it. I started to look at Manage file reader service under Universal device collection under system configuration. I am looking at similar message service like APACHE file reader service. I am not sure I should add SPLUNK into file reader service or LEA client Service or SDEE collection service. I would really appreciate your help. Thanks
0 Likes
Reply
1 Reply
ScottPause
Beginner
Beginner
‎2012-02-24 03:36 PM

It depends on how you can send/get it from splunk. Syslog, file or ODBC?

 

Once you figure out your method, then you need to get a copy of the log data into envision, using the method chosen.

 

Then you have to use Event Source Integrator to build out your cutom XML for your logs from splunk, which likely do not match what came from the original device (if that is the intent).

 

ESI can work well.  We've used it ourselves to validate/design our custom efforts. But it is not a trivial effort, it takes a bit to figure out.  Read the documentation for it.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.