Solved: Login to resource from Universal Forwarder?

lbogle · ‎05-22-2014

Hello,
I am trying to get logs sent from a firewall to a Universal Forwarder. To get logs from the Firewall, I need to configure the Universal Forwarder to provide the firewall with login credentials. Can I do this with a Universal Forwarder or do I need to use a heavy forwarder?
Thanks.

MuS · ‎05-22-2014

Hi lbogle,

reading your question, first thing that came up was why not use a scripted input to get these logs?
So did you check out the docs about scripted inputs?

Basically you create a script to get the logs and run this script cron like from the universal forwarder.

hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎05-22-2014

Hi lbogle,

reading your question, first thing that came up was why not use a scripted input to get these logs?
So did you check out the docs about scripted inputs?

Basically you create a script to get the logs and run this script cron like from the universal forwarder.

hope this helps ...

cheers, MuS

martin_mueller · ‎05-22-2014

Well, without any more info I don't know what to say.

lbogle · ‎05-22-2014

Ha! I guess thats the question. The firewall need authentication credentials before it will allow the logs to leave so I'm not sure honestly...
Is there a spot in the universal forwarder to supply this information?
It may be too complex a request for the universal forwarder to do.
Thanks Martin.

martin_mueller · ‎05-22-2014

How does this kind of input work?

Login to resource from Universal Forwarder?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms