This app provides field extractions for the linux_secure sourcetype (Linux authentication logs: /var/log/secure on Red Hat-style systems and /var/log/auth.log on Debian-based ones) and normalises the extracted fields to the Splunk Common Information Model.
Simply install this app on your search head (no configuration required).
Further documentation is provided in the wiki here: https://github.com/doksu/TA-linux_secure/wiki
May this app improve the security of organisations great and small.
Improvements:
- Eventtypes updated to prevent the warning about wildcards in the middle of a string (listed as an improvement rather than a bug fix because the wildcards did not actually have a negative impact on search results)
Bug Fixes:
- src_ip not extracted in recent versions of Splunk due to changes in how FIELDALIAS works (thanks to Martin Mueller for the fix, and to Paul and Rolf who reported the bug: https://github.com/doksu/TA-linux_secure/issues/1)
Improvements:
- Support for a wider range of events
- Support for Debian-based distributions' log formatting
- Unnecessary regex capture groups in some field extractions replaced with non-capture groups
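The following is an added, stand-alone Python illustration of what the extractions described above do; it is not the app's own props.conf/transforms.conf and is not code from the TA-linux_secure project. It parses a handful of constructed sshd, sudo and cron lines in the syslog layout written to /var/log/secure and /var/log/auth.log, uses non-capturing groups (as the release note above) for the optional and alternative parts of the patterns, extracts src_ip and aliases it to the CIM field src (the alias the FIELDALIAS fix above concerns), and then runs a simple failed-login count over the results. The field names beyond src_ip/src/user/action/app, and the sample lines, are assumptions for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines (not real log data) in the syslog layout that sshd,
# sudo and cron use in /var/log/secure (RHEL-style) and /var/log/auth.log (Debian).
SAMPLE_LINES = [
    "Mar  3 10:15:01 web01 sshd[2201]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2: RSA SHA256:abc",
    "Mar  3 10:15:09 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Mar  3 10:15:10 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2",
    "Mar  3 10:16:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx",
    "Mar  3 10:16:30 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

# Syslog header: timestamp, host, process name and an optional "[pid]".
# (?:...) is a non-capturing group: it groups the optional PID without
# creating an extra numbered capture, as in the app's cleaned-up extractions.
HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<process>[A-Za-z_][\w-]*)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?P<message>.*)$"
)

# sshd authentication outcome. "invalid user" is an optional, non-captured prefix
# so the user field holds the account name in both the valid and invalid case.
SSHD_AUTH = re.compile(
    r"^(?P<result>Accepted|Failed)\s+(?P<method>\S+)\s+for\s+"
    r"(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<src_ip>\S+)\s+port\s+(?P<src_port>\d+)"
)

# sudo command record; the TTY part is optional and non-captured as a unit.
SUDO_CMD = re.compile(
    r"^(?P<user>\S+)\s*:\s+(?:TTY=(?P<tty>\S+)\s+;\s+)?PWD=(?P<pwd>\S+)\s+;\s+"
    r"USER=(?P<dest_user>\S+)\s+;\s+COMMAND=(?P<command>.*)$"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return the extracted fields for one log line, or None if the header
    does not match. Lines with an unrecognised message keep header fields only."""
    m = HEADER.match(line)
    if not m:
        return None
    event: Dict[str, object] = {k: v for k, v in m.groupdict().items() if v is not None}
    msg = str(event["message"])
    proc = event["process"]

    if proc == "sshd":
        a = SSHD_AUTH.match(msg)
        if a:
            event["app"] = "sshd"
            event["action"] = "success" if a.group("result") == "Accepted" else "failure"
            event["method"] = a.group("method")          # assumed field name
            event["user"] = a.group("user")
            event["src_ip"] = a.group("src_ip")
            event["src"] = a.group("src_ip")             # CIM alias of src_ip
            event["src_port"] = int(a.group("src_port"))
            event["invalid_user"] = msg.find("invalid user") != -1  # assumed field name
    elif proc == "sudo":
        s = SUDO_CMD.match(msg)
        if s:
            event["app"] = "sudo"
            event.update({k: v for k, v in s.groupdict().items() if v is not None})
    return event


def failed_logins_by_src(events: List[Optional[Dict[str, object]]]) -> Dict[str, int]:
    """Count sshd authentication failures per source IP, the kind of
    aggregation a CIM-based brute-force search would run over these fields."""
    counts: Dict[str, int] = {}
    for e in events:
        if e and e.get("app") == "sshd" and e.get("action") == "failure":
            ip = str(e["src_ip"])
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = [parse_line(l) for l in SAMPLE_LINES]
    for ev in parsed:
        print(ev)
    print(failed_logins_by_src(parsed))
```

Run as-is it prints the field dictionary for each sample line and a per-source failure count; swapping in your own lines from /var/log/secure or auth.log shows which events the patterns do and do not cover, which is the first thing to check before trusting a CIM-based detection on them.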