techservicesillinois / secdev-quarantinenetwork

Source code for the Quarantine Network API and self-service portal

Add logging with Splunk HEC #20

Open zdc217 opened 4 years ago

zdc217 commented 4 years ago

Add logging with Splunk HTTP Event Collector

Indexes and HEC keys were already set up by the Splunk team. Need to discuss briefly with @r-walker how the indexes should be used.

r-walker commented 4 years ago

There are 3 indexes:

- apps-quarantine_techsvc - for application logging, so anything for the devs and system admins (debugging, error reporting, health checks, API call rates, duration)
- security-quarantine-test_techsvc - test index for events (blocks, unblocks, reasons for blocks, etc.)
- security-quarantine_techsvc - events (blocks, unblocks, reasons for blocks, etc.)

That's my intention, but I'm open to thoughts / discussion
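The following is an added example of what the issue asks for, not code from the secdev-quarantinenetwork repository: a small Python helper that builds Splunk HEC event envelopes routed to the three indexes named above (application logs to apps-quarantine_techsvc, block/unblock events to security-quarantine_techsvc, or to security-quarantine-test_techsvc while testing) and POSTs them to the collector. The collector URL, HEC token, host, source and sourcetype values are placeholders, and the choice of Python is an assumption about the project.

```python
"""Added example (not the project's code): route Quarantine Network API logging
to the Splunk HEC indexes discussed in this issue."""
import json
import time
import urllib.request
from typing import Any, Dict, Iterable, Optional

# Index names as listed by @r-walker in this thread.
APP_INDEX = "apps-quarantine_techsvc"
SEC_INDEX = "security-quarantine_techsvc"
SEC_TEST_INDEX = "security-quarantine-test_techsvc"
KNOWN_INDEXES = (APP_INDEX, SEC_INDEX, SEC_TEST_INDEX)

# Hypothetical values: replace with the real collector URL and the HEC token
# issued by the Splunk team. Treat the token as a secret (env var or vault).
HEC_URL = "https://splunk.example.edu:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"


def build_event(index: str, event: Dict[str, Any], sourcetype: str,
                source: str = "quarantine-api", host: str = "quarantine-api-01",
                ts: Optional[float] = None) -> Dict[str, Any]:
    """Return one HEC /services/collector/event envelope routed to `index`.

    `time` is epoch seconds; `index` must be one the token is allowed to
    write to, otherwise HEC rejects the whole request.
    """
    if index not in KNOWN_INDEXES:
        raise ValueError("unknown index %r" % index)
    return {
        "time": ts if ts is not None else time.time(),
        "host": host,
        "source": source,
        "sourcetype": sourcetype,
        "index": index,
        "event": event,
    }


def app_log(level: str, message: str, **fields: Any) -> Dict[str, Any]:
    """Application logging (debugging, errors, health checks, call rates,
    durations) goes to the apps index."""
    body = {"level": level, "message": message}
    body.update(fields)
    return build_event(APP_INDEX, body, sourcetype="quarantine:app")


def security_event(action: str, target: str, reason: str, actor: str,
                   test: bool = False) -> Dict[str, Any]:
    """Block/unblock events go to the security index, or to its test twin
    while the integration is being exercised."""
    if action not in ("block", "unblock"):
        raise ValueError("action must be block or unblock, got %r" % action)
    body = {"action": action, "target": target, "reason": reason, "actor": actor}
    return build_event(SEC_TEST_INDEX if test else SEC_INDEX, body,
                       sourcetype="quarantine:event")


def encode_batch(events: Iterable[Dict[str, Any]]) -> bytes:
    """HEC accepts several events per POST as concatenated JSON objects
    (not a JSON array), so join them with newlines."""
    return "\n".join(json.dumps(e) for e in events).encode("utf-8")


def send(events: Iterable[Dict[str, Any]], url: str = HEC_URL,
         token: str = HEC_TOKEN, timeout: float = 5.0) -> Dict[str, Any]:
    """POST a batch to HEC and return the parsed reply.

    HEC answers {"text": "Success", "code": 0} on success; any other code
    (bad token, disallowed index, malformed event) is raised here rather
    than silently dropped, so log shipping failures are visible.
    """
    req = urllib.request.Request(
        url, data=encode_batch(events), method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        reply = json.loads(resp.read().decode("utf-8"))
    if reply.get("code") != 0:
        raise RuntimeError("HEC rejected batch: %s" % reply)
    return reply


if __name__ == "__main__":
    # Offline demo: show the bytes that would be POSTed (constructed sample events).
    batch = [
        app_log("INFO", "healthcheck ok", duration_ms=12),
        security_event("block", "10.1.2.3", "malware beacon", "netops@example.edu", test=True),
    ]
    print(encode_batch(batch).decode("utf-8"))
```

Keep TLS verification on when calling `send` (urllib verifies certificates by default), never log the token, and wire `test=True` to a configuration flag rather than a code edit so the test index is used in non-production environments only.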

r-walker commented 4 years ago

Apparently, I can't write to this repo. I was hoping to add a Postman collection with an example of how to log to the Splunk HEC.

Would you like me to share that via Postman teams?