Dec 09, 2015 - Nimbostratus
splunk attack signature id
hi,
When Splunk receives the ASM logs, the signature of the attack is missing. I also checked the ASM logs (/var/log/asm), with the same result. These logs are called local-syslog. However, the ASM database logs have all the attack signature details. These logs are called local-db.
I am trying to figure out how the ASM database logs (local-db) are converted to syslogs (local-syslog), and why some details are missing in the syslogs.
thanks.
O.