Configure Imperva SecureSphere WAF to send data to the Splunk Add-on for Imperva SecureSphere WAF
To enable the Splunk Add-on for Imperva SecureSphere WAF to collect data from Imperva SecureSphere WAF, you configure Imperva SecureSphere WAF to produce syslog output with an output format of "default" or "splunk" and push it to the data collection node of your Splunk platform installation.
Splunk recommends that you use Splunk Connect for Syslog (SC4S) to collect syslog data. See Imperva SecureSphere WAF in the SC4S documentation.
The Common Event Format (CEF) is the default format for data. For information on configuring the CEF log format, see the Imperva docs at https://www.imperva.com.
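To confirm that the WAF is emitting well-formed CEF over syslog before you point it at the data collection node, you can run captured lines through a small parser such as the following. This is an added example, not code from the Splunk add-on or from Imperva; the sample line, its vendor and product strings, and its field values are constructed for illustration and are not real Imperva output.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# An extension key sits at the start or after whitespace and ends at "=".
# A backslash is not a key character, so an escaped "\=" never starts a key.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-\[\]]+)=")

# Constructed sample line (placeholder vendor/product, documentation IP ranges).
SAMPLE = (r"<134>Jan 12 10:15:02 waf-gw01 CEF:0|ExampleVendor|ExampleWAF|1.0|"
          r"SIG-1001|SQL injection \| blocked|High|src=203.0.113.7 "
          r"dst=192.0.2.10 act=Block msg=Rule matched id\=42 in query")


def _split_header(body, count):
    """Split off `count` pipe-terminated fields, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]              # remainder is the extension


def _parse_extension(ext):
    """Turn 'k1=v1 k2=v with spaces' into a dict; values may contain spaces."""
    out, keys = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)   # undo \= and \\
    return out


def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    fields, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("CEF header has %d of 7 fields" % len(fields))
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = _parse_extension(ext)
    return event
```

A line that raises `ValueError` here was truncated, or was sent in an output format other than CEF.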
Next, configure your data collection node to receive data from Imperva SecureSphere WAF as described in Configure inputs for the Splunk Add-on for Imperva SecureSphere WAF.
This documentation applies to the following versions of Splunk® Supported Add-ons: released