Hello community!
So, I have a situation where there's a discrepancy between the volume of logs ingested by FAZ and the license consumption on Splunk. FAZ forwards logs to Splunk, and there's a difference of about 30 GB/day more when we check the Splunk side.
Some details:
Traffic is being forwarded over UDP 514.
A Fortinet add-on is being used for the integration between the two solutions.
Has anyone seen this before or have any idea of what it could be?
I appreciate any information.
#FortiAnalyzer #FAZ #Splunk #SIEM
Hello
Since UDP is connectionless, can it be caused by lost packets?
I don't think so, because the higher value is at the receiving end.
Thanks for the info.
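Before looking at the forwarding path, it helps to measure what the receiving side is actually being charged for. Splunk meters license usage on the uncompressed raw bytes of each indexed event, so two things inflate the Splunk-side number relative to what FAZ reports: bytes that are in the event as received but not in FAZ's own accounting (the syslog PRI, timestamp and relay hostname prepended to every line), and events that are counted more than once (the same log arriving on two inputs or being delivered twice). The script below is an added diagnostic for this thread, not Fortinet or Splunk code: it takes syslog lines as they would arrive on UDP 514, splits each into syslog header and FortiOS key=value payload, totals bytes per log type, flags payloads seen more than once, and scales a sample window to a daily figure. The sample lines, device names, IPs and IDs are constructed for the example.

```python
"""Size a FortiAnalyzer -> Splunk syslog stream the way a byte-based license meter sees it.

Added diagnostic example for the forum thread above (not Fortinet or Splunk code).
Feed it a capture of the udp/514 stream (e.g. lines dumped from a packet capture or a
file monitor) and compare the totals with the FAZ log volume and the Splunk license report.
"""
import re
from collections import Counter

# Constructed sample lines for this example; device names, IPs and IDs are made up.
# Header format assumed: <PRI> RFC 3164 timestamp, relay hostname, then FortiOS key=value fields.
SAMPLE_EVENTS = [
    '<189>May  2 10:15:01 faz01 date=2024-05-02 time=10:15:01 devname="FGT-EDGE1" devid="FG100FTK00000001" logid="0000000013" type="traffic" subtype="forward" level="notice" eventtime=1714644901 srcip=10.0.0.5 dstip=192.0.2.10 sessionid=123456 action="accept" sentbyte=1234 rcvdbyte=5678',
    '<189>May  2 10:15:02 faz01 date=2024-05-02 time=10:15:02 devname="FGT-EDGE1" devid="FG100FTK00000001" logid="0000000013" type="traffic" subtype="forward" level="notice" eventtime=1714644902 srcip=10.0.0.7 dstip=192.0.2.11 sessionid=123457 action="deny" sentbyte=0 rcvdbyte=0',
    '<190>May  2 10:15:02 faz01 date=2024-05-02 time=10:15:02 devname="FGT-EDGE1" devid="FG100FTK00000001" logid="0100032001" type="event" subtype="system" level="information" eventtime=1714644902 logdesc="Admin login successful" user="admin" ui="https(10.0.0.9)" msg="Administrator admin logged in successfully from https(10.0.0.9)"',
    # Same event as the first line, received a second time (different relay timestamp, identical payload):
    '<189>May  2 10:15:03 faz01 date=2024-05-02 time=10:15:01 devname="FGT-EDGE1" devid="FG100FTK00000001" logid="0000000013" type="traffic" subtype="forward" level="notice" eventtime=1714644901 srcip=10.0.0.5 dstip=192.0.2.10 sessionid=123456 action="accept" sentbyte=1234 rcvdbyte=5678',
]

# key=value pairs; values are either double-quoted (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_syslog(line):
    """Return (header, payload).

    The FortiOS payload starts at the first 'date=' field; everything before it
    (PRI, RFC 3164 timestamp, relay hostname) is syslog header added in transit.
    """
    idx = line.find("date=")
    if idx < 0:
        return line, ""  # not a FortiOS-style line; count it all as header
    return line[:idx], line[idx:]


def parse_fields(payload):
    """Parse the key=value payload into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(payload)}


def summarize(lines):
    """Byte accounting over a list of raw syslog lines."""
    total_bytes = 0
    header_bytes = 0
    bytes_per_type = Counter()
    payload_counts = Counter()
    for line in lines:
        raw = line.encode("utf-8")
        total_bytes += len(raw)
        header, payload = split_syslog(line)
        header_bytes += len(header.encode("utf-8"))
        fields = parse_fields(payload)
        bytes_per_type[fields.get("type", "unknown")] += len(raw)
        # Duplicate detection keys on the payload only, so a re-delivered event with a
        # fresh relay timestamp in its header is still recognised as the same log.
        payload_counts[payload] += 1
    duplicate_events = sum(n - 1 for n in payload_counts.values())
    duplicate_payload_bytes = sum(
        (n - 1) * len(p.encode("utf-8")) for p, n in payload_counts.items()
    )
    return {
        "events": len(lines),
        "total_bytes": total_bytes,
        "header_bytes": header_bytes,
        "duplicate_events": duplicate_events,
        "duplicate_payload_bytes": duplicate_payload_bytes,
        "bytes_per_type": dict(bytes_per_type),
    }


def extrapolate_daily_gib(bytes_in_window, window_seconds):
    """Scale the bytes seen in a sample window to a 24 h volume.

    Uses 1 GiB = 1024**3 bytes as an assumption for this example; confirm which unit
    your license report uses before comparing figures.
    """
    if window_seconds <= 0:
        raise ValueError("window_seconds must be positive")
    return bytes_in_window * 86400 / window_seconds / 1024**3


if __name__ == "__main__":
    stats = summarize(SAMPLE_EVENTS)
    for key, value in stats.items():
        print(f"{key}: {value}")
    # Example: the 4 sample lines span roughly 2 seconds of traffic.
    print(f"daily estimate (GiB): {extrapolate_daily_gib(stats['total_bytes'], 2):.3f}")
```

Run it over a few minutes of the real UDP 514 stream and compare `header_bytes` and `duplicate_payload_bytes` against the gap you see; then pull the `_raw` of a handful of the same events from Splunk and check whether the syslog header is still in them, since that decides whether the header bytes are being metered.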
Copyright 2024 Fortinet, Inc. All Rights Reserved.