datapunctum / TA-pfsense

Splunk Technology Add-On for pfsense
Apache License 2.0

sourcetype not changed #18

Open GiuseppeLaurenza opened 1 year ago

GiuseppeLaurenza commented 1 year ago

Fresh install of the TA on SearchHead, Indexer, Intermediate HeavyForwarder and the HeavyForwarder that directly receives syslog messages from the pfsense firewall.

inputs.conf is:

```
[udp://1234]
connection_host = ip
disabled = 0
index = test
no_appending_timestamp = true
sourcetype = pfsense
```

Any suggestions or ideas?