Parse kiwi syslog

Question asked by Clement Chee Seng Lim on Feb 7, 2018
Latest reply on Feb 11, 2018 by Clement Chee Seng Lim

Currently the customer log sources are first sending the logs to a Kiwi syslog forwarder, before forwarding the logs to the VLC. At the SA Head UI, the logs being seen are all via one device IP. The analysts are creating correlation rules based on event source grouping. (Below is the diagram of the traffic flow.)

Can we do a parse to solve the single device IP issue, or is there some configuration that needs to be done to resolve this issue?

 
