I would like to see a list of individual devices sending syslog to our SecOps environment. All syslog is going through Bindplane collection agents. I’ve configured Bindplane to append IP information for each syslog exporter as an ingestion_label. It looks like I can use this in the context of a UDM search or maybe a dashboard. Just checking if this question/problem has already been solved through another approach.
Question
How to show individual syslog exporters
+3
+16You can certainly use the labels as a search, dashabords or even parsers.
Ingestion labels are pretty common practice.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.