FAZ to Splunk
Hello community!
So, I have a situation where there's a discrepancy between the volume of logs ingested by FAZ and the license consumption on Splunk. FAZ forwards logs to Splunk, and there's a difference of about 30Gb/day more when we check the Splunk side.
Some details:
Traffic is being forwarded over UDP 514.
A Fortinet add-on is being used for the integration between the two solutions.
Has anyone seen this before, or have any idea what it could be?
I appreciate any information.
#FortiAnalyzer #FAZ #Splunk #SIEM
ti03udes
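A check that helps narrow this kind of gap, added here as an example and not taken from the thread, FortiAnalyzer or Splunk: the two figures being compared come from two different meters (FAZ's own log-volume accounting and Splunk's license meter, which charges the uncompressed byte length of the raw data it indexes), so sampling the wire with an independent third meter shows which side the extra volume appears on. The script binds the syslog UDP port for a sampling window, counts datagrams and bytes as received and after stripping the RFC 3164 `<PRI>` prefix, and extrapolates to GiB/day. The sample datagrams are constructed, the 1 GiB = 1024^3 unit and the one-datagram-per-event assumption are mine, and the function and field names are not from any product.

```python
"""Added example (not from the forum thread, Fortinet or Splunk): an independent
byte meter for syslog arriving over UDP, to set beside FAZ's and Splunk's numbers.
Assumptions are marked inline."""
import re
import socket
import time
from dataclasses import dataclass

GIB = 1024 ** 3  # assumption: report in 1024-based GiB, matching Splunk's byte quotas
PRI_RE = re.compile(rb"^<\d{1,3}>")  # RFC 3164 priority prefix, e.g. b"<189>"

# Constructed FortiGate-style key=value datagrams as FAZ would forward them (not real logs).
SAMPLE_DATAGRAMS = [
    b'<189>date=2024-05-02 time=10:15:32 devname="FGT-01" devid="FGT60FTK00000001" '
    b'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    b'srcip=10.0.0.5 srcport=51512 dstip=203.0.113.10 dstport=443 proto=6 action="accept"',
    b'<188>date=2024-05-02 time=10:15:33 devname="FGT-01" logid="0100032001" type="event" '
    b'subtype="system" level="warning" vd="root" logdesc="Admin login failed" user="admin"',
]


@dataclass
class VolumeStats:
    datagrams: int = 0
    wire_bytes: int = 0      # bytes exactly as received on the socket
    payload_bytes: int = 0   # bytes after stripping <PRI>, i.e. closer to an indexed _raw event
    largest: int = 0
    seconds: float = 0.0     # length of the sampling window

    def add(self, datagram: bytes) -> None:
        """Account one datagram; assumption: one datagram == one event."""
        self.datagrams += 1
        size = len(datagram)
        self.wire_bytes += size
        self.payload_bytes += len(PRI_RE.sub(b"", datagram, count=1))
        self.largest = max(self.largest, size)

    def per_day_gib(self, which: str = "wire") -> float:
        """Extrapolate the sampled volume to GiB/day ('wire' or 'payload')."""
        if self.seconds <= 0:
            raise ValueError("no sampling window recorded")
        total = self.wire_bytes if which == "wire" else self.payload_bytes
        return total / self.seconds * 86400 / GIB


def sample_udp(port: int = 514, seconds: float = 300.0, bind_addr: str = "0.0.0.0") -> VolumeStats:
    """Bind the syslog port for `seconds` and meter everything that arrives.
    Binding 514 needs root or CAP_NET_BIND_SERVICE, and Splunk must not hold the
    port at the same time; point FAZ (or a test sender) at this host for the window."""
    stats = VolumeStats()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(1.0)
        start = time.monotonic()
        while time.monotonic() - start < seconds:
            try:
                datagram, _peer = sock.recvfrom(65535)
            except socket.timeout:
                continue
            stats.add(datagram)
        stats.seconds = time.monotonic() - start
    return stats


def compare_with_splunk(wire_gib_per_day: float, splunk_gib_per_day: float) -> dict:
    """Delta and ratio between what crossed the wire and what Splunk's meter charged."""
    delta = splunk_gib_per_day - wire_gib_per_day
    ratio = splunk_gib_per_day / wire_gib_per_day if wire_gib_per_day else float("inf")
    return {"delta_gib": delta, "ratio": ratio, "inflated": delta > 0}


if __name__ == "__main__":
    stats = VolumeStats()
    for d in SAMPLE_DATAGRAMS:
        stats.add(d)
    stats.seconds = 1.0  # pretend the two constructed samples arrived within one second
    print(f"{stats.datagrams} datagrams, {stats.wire_bytes} wire bytes, "
          f"{stats.payload_bytes} payload bytes, ~{stats.per_day_gib():.4f} GiB/day at this rate")
    # Live use: stats = sample_udp(514, 300); compare_with_splunk(stats.per_day_gib(), <Splunk GiB/day>)
```

Run the live sample on a host FAZ can be temporarily pointed at, then take Splunk's figure for the same sourcetype from `index=_internal source=*license_usage.log type=Usage` summed per day. If the wire number already matches Splunk, the growth is on the FAZ side of the wire (how FAZ counts its volume); if the wire number matches FAZ, the growth happens inside Splunk's input and parsing path and that is where to look next.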
Labels: FortiAnalyzer
Hello
Since UDP is connectionless, can it be caused by lost packets?
AEK
Don't think so, because the higher value is at the receiving end.
ti03udes
Thanks for the info.
