According to the documentation here, I need to have ids_type in my events as follows: ids_type="network" or ids_type="application" or ids_type="host". How can I add a field value pair to my events automatically? Would I have to create this in transforms.conf?
[netdefender]
REGEX = Netdefender
FORMAT = ids_type=network
WRITE_META = true
This is a portion of a sample event:
Jan 30 10:32:43 192.168.1.1 Netdefender: 30-01-2014 02:54:05 WARNING
I am not sure how this works; it's been a long day. Help please!
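Two ways to attach a constant ids_type to these events, added here as an example and not part of the original post: a search-time calculated field, and an index-time transform that writes the pair in the `field::value` form. The sourcetype name `netdefender_syslog` is a placeholder assumption; the page does not say which sourcetype the events use.

```ini
# ---- props.conf ----
# "netdefender_syslog" is a placeholder sourcetype name (assumption).
[netdefender_syslog]
# Option 1: search-time calculated field; nothing extra is written to the index.
EVAL-ids_type = "network"
# Option 2: index-time field, wired to the transforms.conf stanza below.
# Use one option, not both.
# TRANSFORMS-netdefender = netdefender

# ---- transforms.conf (option 2 only) ----
[netdefender]
REGEX = Netdefender
# Index-time FORMAT writes the pair as field::value, not field=value.
FORMAT = ids_type::network
WRITE_META = true

# ---- fields.conf (option 2 only) ----
# Marks ids_type as an indexed field so searches on it match.
[ids_type]
INDEXED = true
```

Option 1 takes effect on existing events after the configuration is reloaded; option 2 only affects events indexed after the change.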