

Key facts

  • MSG Format based filter
  • Legacy BSD Format default port 514
Ref Link
Splunk Add-on
Product Manual


| sourcetype | notes |
|------------|-------|
| ossec | The add-on supports data from the following sources: File Integrity Management (FIM) data, FTP data, su data, ssh data, Windows data, including audit and logon information |

Sourcetype and Index Configuration

| key | sourcetype | index | notes |
|-----|------------|-------|-------|
| ossec_ossec | ossec | main | None |