splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0
148 stars 108 forks

Request for parser support for SecurEnvoy #2316

Closed lakshman237 closed 4 months ago

lakshman237 commented 5 months ago

What is the sc4s version? 3.4

Is there a pcap available? Sample logs:

Jan 22 20:01:41 10.x.x.x 22 Jan 2024 20:01:41 host1 Radius UserID=abc@company.com AD Password Accepted From ClientIP=10.x.x.x RemoteID= Passcode Check Still Required

Jan 22 19:52:51 10.x.x.x 22 Jan 2024 19:52:51 host2 Radius UserID=dag@cmy.com Passcode OK Access Accepted with Soft Token From ClientIP=10.x.y.z RemoteID=

What's the vendor name? https://securenvoy.com/

What's the product name? MFA product - https://securenvoy.com/multi-factor-authentication-mfa/

Feature Request description:

Should it support TCP or UDP? UDP

Do you want to have it for local usage or prepare a github PR? Both please, local usage to test initially would be grateful

mstopa-splunk commented 5 months ago

Hello @lakshman237, please ask the customer for a TCP dump for this. I tried writing the parser based on the samples, but the vendor didn't follow the syslog standard and this will require a custom regex parser. The format also wasn't described in the SecurEnvoy docs, that's why we need input examples from the TCP dump.
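To show what "custom regex parser" means for these two sample lines, here is an added Python example (not SC4S code and not a SecurEnvoy-supplied format spec). It assumes the layout visible in the samples above: a bare `Mon DD HH:MM:SS <relay-ip>` syslog header, a repeated `DD Mon YYYY HH:MM:SS` timestamp, the appliance host, the service name, and free text carrying `UserID=`, `ClientIP=` and `RemoteID=` pairs. Field names such as `relay`, `result`, `note`, `accepted` and `mfa_pending` are my own choices; the third sample line is constructed to show how a non-matching line is handled.

```python
import re
from datetime import datetime
from typing import Optional

# Regex derived only from the two sample lines posted in this issue.
# Group names are assumptions made for this example, not vendor field names.
SECURENVOY_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "  # relay header, no year
    r"(?P<relay>\S+) "                                                # host/IP field of the relay
    r"(?P<event_ts>\d{1,2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2}) "   # appliance timestamp, has year
    r"(?P<host>\S+) "                                                 # appliance host name
    r"(?P<service>\S+) "                                              # e.g. "Radius"
    r"UserID=(?P<user>\S*) "
    r"(?P<result>.*?) "                                               # free text up to "From ClientIP="
    r"From ClientIP=(?P<client_ip>\S*) "
    r"RemoteID=(?P<remote_id>\S*)"                                    # may be empty
    r"(?: (?P<note>.*))?$"                                            # optional trailing text
)

# Two lines copied from the issue plus one constructed line that must not match.
SAMPLE_LINES = [
    "Jan 22 20:01:41 10.x.x.x 22 Jan 2024 20:01:41 host1 Radius UserID=abc@company.com "
    "AD Password Accepted From ClientIP=10.x.x.x RemoteID= Passcode Check Still Required",
    "Jan 22 19:52:51 10.x.x.x 22 Jan 2024 19:52:51 host2 Radius UserID=dag@cmy.com "
    "Passcode OK Access Accepted with Soft Token From ClientIP=10.x.y.z RemoteID=",
    "Jan 22 19:53:00 10.x.x.x some unrelated message without the expected layout",  # constructed
]


def parse_securenvoy(line: str) -> Optional[dict]:
    """Parse one SecurEnvoy RADIUS line into a field dict.

    Returns None when the line does not match, so a caller can route it to a
    fallback sourcetype instead of silently dropping or mis-tagging it.
    """
    m = SECURENVOY_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    fields = m.groupdict()
    fields["note"] = fields["note"] or ""
    # The relay header lacks a year, so take the event time from the
    # appliance's own timestamp, which carries one.
    fields["event_time"] = datetime.strptime(fields["event_ts"], "%d %b %Y %H:%M:%S")
    # Outcome flags inferred from the free text in the samples: "Accepted"
    # marks a successful step; "Still Required" means the second factor is pending.
    fields["accepted"] = "Accepted" in fields["result"]
    fields["mfa_pending"] = "Still Required" in fields["note"]
    return fields


def parse_samples() -> list:
    """Parse every sample line; unparsed lines appear as None."""
    return [parse_securenvoy(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    for parsed in parse_samples():
        if parsed is None:
            print("no match -> route to fallback sourcetype")
        else:
            print(parsed["event_time"], parsed["host"], parsed["user"],
                  parsed["client_ip"], "accepted=%s mfa_pending=%s"
                  % (parsed["accepted"], parsed["mfa_pending"]))
```

The two-step pattern in the samples (password accepted, then "Passcode Check Still Required") is why separate `accepted` and `mfa_pending` flags are useful for detection: a user with many first-factor acceptances and no matching "Access Accepted" line is a different signal from a plain login failure. Any real parser should be checked against a TCP dump, as requested above, because only two shapes of message are known here.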

lakshman237 commented 5 months ago

Thx @mstopa-splunk, I have managed to on-board it using:

//splunk_metadata.csv
simple_securenvoy,index,test_index
simple_securenvoy,sourcetype,SecurEnvoy

//env_file
SC4S_LISTEN_SIMPLE_SECURENVOY_UDP_PORT=105xx

mstopa-splunk commented 4 months ago

All right, thank you. Please reopen this issue if needed.