Open it-kombinat opened 5 years ago
creating new repo for itkombinat-app with the input and props.conf
/opt/splunk/etc/system/local/input.conf
[default]
host =

[tcp://:514]
connection_host = dns
sourcetype = syslog
source = tcp:514
disabled = 0

# monitor stanzas take an absolute path, so three slashes, not two
[monitor:///var/log/*]
connection_host = dns
sourcetype = syslog

[tcp://:1514]
connection_host = dns
sourcetype = snort
source = tcp:1514
disabled = 0

[tcp://:2514]
connection_host = dns
sourcetype = cowrie
source = tcp:2514
disabled = 0
props.conf
[source::tcp:1514]
SHOULD_LINEMERGE = true
BREAK_ONLY_BEFORE = \[\*\*\] \[\d+\:\d+\:\d+\]
TIME_PREFIX = (?=\d+/\d+)
TIME_FORMAT = %m/%d-%T.%6N

[source::tcp:2514]
INDEXED_EXTRACTIONS = json
KV_MODE = none
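The `[source::tcp:1514]` stanza above only works if the break regex and the time format really line up with what Snort sends. The script below is an added example (not part of this issue or the itkombinat-app repo) that emulates those three settings in Python over a constructed multi-line Snort alert stream, so the event boundaries and timestamps can be checked before the config is pushed to the indexer. The sample alerts, addresses and the `year` argument are assumptions for the test; Splunk's `%T.%6N` is rendered as Python's `%H:%M:%S.%f`, and the break regex is treated as anchored at line start.

```python
import re
from datetime import datetime

# Constructed sample of a multi-line Snort "alert_full" stream, as it might arrive
# on tcp:1514. Made-up alerts and addresses, not data from the issue.
SAMPLE_SNORT = (
    "[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**]\n"
    "[Classification: Potentially Bad Traffic] [Priority: 2]\n"
    "03/15-12:34:56.123456 10.0.0.5:80 -> 10.0.0.9:51234\n"
    "TCP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:100 DF\n"
    "[**] [1:1000001:1] LOCAL test rule [**]\n"
    "[Classification: Misc activity] [Priority: 3]\n"
    "03/15-12:35:01.000042 10.0.0.9:51234 -> 10.0.0.5:80\n"
    "TCP TTL:64 TOS:0x0 ID:1235 IpLen:20 DgmLen:60\n"
)

# Same regexes as the props.conf [source::tcp:1514] stanza.
BREAK_ONLY_BEFORE = re.compile(r"\[\*\*\] \[\d+\:\d+\:\d+\]")
TIME_PREFIX = re.compile(r"(?=\d+/\d+)")
# Splunk %m/%d-%T.%6N: %T is %H:%M:%S, %6N is six-digit sub-seconds (Python %f).
TIME_FORMAT = "%m/%d-%H:%M:%S.%f"
# The exact fragment TIME_FORMAT consumes, used to cut it out of the event text.
TIMESTAMP_RE = re.compile(r"\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6}")
SIGNATURE_RE = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]")


def break_events(stream):
    """Emulate SHOULD_LINEMERGE=true with BREAK_ONLY_BEFORE: lines accumulate into
    one event until a line starting with the break regex opens the next event."""
    events, current = [], []
    for line in stream.splitlines():
        if BREAK_ONLY_BEFORE.match(line) and current:
            events.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        events.append("\n".join(current))
    return events


def extract_timestamp(event, year):
    """Emulate TIME_PREFIX + TIME_FORMAT. The format carries no year, so Splunk
    would assume the current one; the caller passes it here (assumption)."""
    anchor = TIME_PREFIX.search(event)
    if anchor is None:
        return None
    m = TIMESTAMP_RE.match(event, anchor.start())
    if m is None:
        return None
    return datetime.strptime(f"{year}/{m.group(0)}", "%Y/" + TIME_FORMAT)


def parse_snort_stream(stream, year):
    """Break the stream into events and pull out the fields a detection engineer
    checks first: gid/sid/rev, the rule message, and the event time."""
    parsed = []
    for event in break_events(stream):
        sig = SIGNATURE_RE.search(event)
        parsed.append({
            "gid": sig.group(1) if sig else None,
            "sid": sig.group(2) if sig else None,
            "rev": sig.group(3) if sig else None,
            "msg": sig.group(4) if sig else None,
            "timestamp": extract_timestamp(event, year),
            "raw": event,
        })
    return parsed


if __name__ == "__main__":
    for ev in parse_snort_stream(SAMPLE_SNORT, year=2024):
        print(ev["timestamp"], ev["sid"], ev["msg"])
```

If a real capture from the sensor produces one merged blob instead of one event per `[**]` header, the break regex is wrong for that Snort output mode; if the timestamps come out `None`, the prefix or format needs adjusting before the stanza is deployed.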