Enterprise Security RFC5424
Key facts
- MSG Format based filter
- RFC5424
Links
Ref | Link |
---|---|
Splunk Add-on | none |
Sourcetypes
sourcetype | notes |
---|---|
kaspersky:syslog:es | Where PROGRAM starts with KES |
kaspersky:syslog | None |
Sourcetype and Index Configuration
key | sourcetype | index | notes |
---|---|---|---|
kaspersky_syslog | kaspersky:syslog | epav | none |
kaspersky_syslog_es | kaspersky:syslog:es | epav | none |