Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



Infoblox reports "lease threshold crossed" message in separate syslog messages

New Member
Posts: 3
544     0

Hi all,


wanted to know why Infoblox reports "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in the splunk?


In the SMNP trap the information is concatenated in separate lines:

DHCP high threshold crossed:
Member: a.b.c.220
Network: a.b.c.0/24/default
Range: a.b.c.102/a.b.c.102///default/
High Trigger Mark: 90%
High Reset Mark: 85%
Current Usage: 100%
Active Leases: 1
Available Leases: 0

Total Addresses: 1 


would be good if it is in the same syslog message, instead that every piece of information needs to be a separate syslog message.

How to link the messages together to renders it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in splunk.

thanks for your outputs

Showing results for 
Search instead for 
Did you mean: 

Recommended for You