Channel: Latest Questions on Splunk Answers

Wrong host identifier in SYSLOG messages


I am new to Splunk and I am sure my question is not new to the community. I have 220 Cisco endpoints reporting SYSLOG data to Splunk. All seems to be working well - except the logging of successful and failed login attempts. These messages are making it to Splunk but they are being identified as coming from host "pst" - not the host's IP address. Subsequently I cannot tell which message belongs to which host. I have about 100,000 of these failed login messages and I need to deal with them but I can't tell which Cisco devices are under attack.

