Trying to configure the Web Gateway access log in Splunk while also retaining current log data and formats from the previous vendor. The previous license is specific to the source-type for the previous vendor. Has anyone attempted this? Any assistance is appreciated.
Or in other words...
Has anyone tried to create a log handler rule to emulate the Cisco WSA format so the upstream logging reporting systems don't have to be changed? Just to save time until the upstream systems can be migrated.
Web gateway can do anything!
If you need it to send logs to multiple servers, it can.
If you need it to send multiple log formats to multiple servers, it can.
We need details on the format in order to help you though.