Getting an Origination Source IP from Raw Data

Hi All,

When trying to digest some raw logs from network devices we’re running into the problem where InsightIDR does not natively insert the IP address from which the syslog was sent. I understand that this could be separated out by event source/port but that will be difficult with a multitude of network devices. Is there any way to have the platform insert the IP that the syslog originated from or does anyone know a workaround?

Thank you,

Hi @rford, you would need to have the source machine log its own IP within the log itself; perhaps there is a logging option that can be configured for these devices?

If not, we cannot detect and append the IP to these logs natively, so short of that you would need to use Nxlog or some other method to add this detail to the logs prior to reaching the collector.
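One way to do what the answer describes (stamping the sender's IP onto each log before it reaches the collector) is a small UDP syslog relay placed in front of the collector. This is an added example, not code from the thread, from Rapid7 or from NXLog; the listen/forward addresses, the `src_ip=` key name and the sample log lines are assumptions constructed for illustration.

```python
"""Tag incoming syslog datagrams with the sender's IP before forwarding them on."""
import re
import socket

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# Group 1: everything up to and including the space before STRUCTURED-DATA.
# Group 2: "-" (no SD) or one or more "[...]" elements.  Group 3: the remainder.
# Limitation: SD-PARAM values containing an escaped ']' are not handled.
RFC5424 = re.compile(rb"^(<\d{1,3}>1 \S+ \S+ \S+ \S+ \S+ )(-|(?:\[[^\]]*\])+)(.*)$", re.DOTALL)


def tag_with_source(raw: bytes, src_ip: str) -> bytes:
    """Return the datagram with src_ip embedded so the collector sees it in the message.

    RFC 5424: add an 'origin' structured-data element (RFC 5424 section 7.2 defines
    the origin/ip parameter).  RFC 3164 or anything unparsed: append ' src_ip=<addr>'
    to the body, which leaves timestamp/hostname parsing intact and is easy to
    extract as a key=value pair on the collector side.
    """
    ip = src_ip.encode()
    m = RFC5424.match(raw)
    if m:
        header, sd, rest = m.groups()
        origin = b'[origin ip="' + ip + b'"]'
        sd = origin if sd == b"-" else sd + origin
        return header + sd + rest
    body = raw.rstrip(b"\r\n")               # keep any trailing newline where it was
    return body + b" src_ip=" + ip + raw[len(body):]


def relay(listen=("0.0.0.0", 5514), forward=("127.0.0.1", 514)):
    """Receive UDP syslog on `listen`, tag each datagram with its sender, forward it.

    Addresses and ports are assumed values; point `forward` at the collector.
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (ip, _port) = rx.recvfrom(65535)
        tx.sendto(tag_with_source(data, ip), forward)


if __name__ == "__main__":
    # Constructed sample lines (not from a real device), shown before the relay starts.
    for line in (b"<134>Oct 11 22:14:15 ASA-FW %ASA-6-302013: Built outbound TCP connection\n",
                 b"<165>1 2003-10-11T22:14:15.003Z sw1.example.net snmpd - ID47 - link up"):
        print(tag_with_source(line, "192.0.2.10"))
    relay()
```

The relay only sees the IP of the last hop, so it has to sit where the devices send directly (not behind another forwarder), and the collector's event source should then be pointed at the relay's forward port.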