TA-linux_iptables - Add-on for Linux Iptables
Documentation
Full documentation can be found at https://splunk-iptables.ztsplunker.com.
About
| Info | Description |
|---|---|
| Version | 1.3.8 - See on Splunkbase |
| Vendor Product | RHEL/CentOS - Firewalld, Ubuntu - UFW, built-in iptables |
| Add-on has a web UI | No. This add-on does not contain any views. |
The TA-linux_iptables Add-on lets Splunk data administrators map Linux firewall events to the Common Information Model (CIM), so the data can be used with other Splunk apps, such as Enterprise Security.
Release Notes
Version: 1.3.8
- Added a sample configuration for the syslog sourcetype, for cases where iptables data is mixed with syslog data.
- Updated the log_prefix field extraction to handle log prefixes surrounded by quotes.
Issues or Feature Requests
Please open an issue or submit a feature request on GitHub.