AnsweredAssumed Answered

Need to determine what logs I am not ingesting.....Help

Question asked by SSRCFleck on Jun 11, 2014
Latest reply on Jun 12, 2014 by huan zhou

Like • Show 0 Likes0
Comment • 3

Good Morning,

We have about 1600 windows servers in multiple domains with the snare client sending to a central syslog server that forwards to one of our log hybrids. I am only seeing around 700 servers getting to the log hybrid. I need to determine which servers are not getting through the firewalls. Is there a way to run a report of DNS names getting to the log hybrid? If I had the domains that are being ingested I could determine which domains are not getting through.

Thanks for any help,

John

No one else has this question

Outcomes

3 Replies

huan zhou Jun 11, 2014 11:23 AM
Mark Correct
Correct Answer
select device.name.
can you monitor the device ips from logdecoder-stats.
Like • Show 0 Likes0
Actions
- SSRCFleck @ huan zhou on Jun 12, 2014 11:02 AM
  Mark Correct
  Correct Answer
  Thanks.
  
  How can I run a report to list all IP's?
  
  John
  Like • Show 0 Likes0
  Actions
  - huan zhou @ SSRCFleck on Jun 12, 2014 11:17 PM
    Mark Correct
    Correct Answer
    yes, you can. select device.ip, don't put any limit.
    Like • Show 0 Likes0
    Actions

Need to determine what logs I am not ingesting.....Help

Outcomes

Related Content

Recommended Content