TCP Multiline Syslog Log Source Parameters for Splunk

If JSA does not automatically detect the log source, add a Splunk log source on the JSA Console by using the TCP Multiline Syslog protocol.

When using the TCP Multiline Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect TCP Multiline Syslog events from Splunk:

Table 1: TCP Multiline Syslog Log Source Parameters for the Splunk DSM

| Parameter | Value |
| --- | --- |
| Log Source Type | Microsoft Windows Security Event Log |
| Protocol Configuration | TCP Multiline Syslog |
| Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Splunk appliance. The log source identifier must be a unique value. |