TCP Multiline Syslog Log Source Parameters for Splunk
If JSA does not automatically detect the log source, add a Splunk log source on the JSA Console by using the TCP Multiline Syslog protocol.
When using the TCP Multiline Syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect TCP Multiline Syslog events from Splunk:
Parameter | Value |
---|---|
Log Source Type | Microsoft Windows Security Event Log |
Protocol Configuration | TCP Multiline Syslog |
Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Splunk appliance. The log source identifier must be a unique value. |