Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 3 subscribers
  • Views 12543 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Syslog field layout help?

b1r2s
Hey all, I'm working on building a free app for Splunk utilizing syslog data from UTM.  I've got screen shots if anyone is interested.  I'd like to know if there is anyone that can confirm all of the fields, as I don't see that information documented anywhere.  Things like size (is that bytes?), perc, proto (shouldn't that be 0-7?), id, etc.  

Does a list exist anywhere?


This thread was automatically locked due to age.
Parents
  • 0
    teched:  I do have that document open (found it after I started the thread) and it was useful in determining some of the fields. As for a human readable translation of the IDs, well, just that, a human readable version makes reporting nicer.

    Scott_Klassen, that link was definitely useful.

    here are a few screen shots of the dashboarding in Splunk





Reply
  • 0
    teched:  I do have that document open (found it after I started the thread) and it was useful in determining some of the fields. As for a human readable translation of the IDs, well, just that, a human readable version makes reporting nicer.

    Scott_Klassen, that link was definitely useful.

    here are a few screen shots of the dashboarding in Splunk





Children
No Data
Unfiltered HTML