Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Reporting

Reply

Infoblox reports "lease threshold crossed" message in separate syslog messages

New Member
Posts: 2
324     0

Hi all,

 

wanted to know why Infoblox reports "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in the splunk?

 

In the SMNP trap the information is concatenated in separate lines:

DHCP high threshold crossed:
Member: a.b.c.220
Network: a.b.c.0/24/default
Range: a.b.c.102/a.b.c.102///default/
High Trigger Mark: 90%
High Reset Mark: 85%
Current Usage: 100%
Active Leases: 1
Available Leases: 0

Total Addresses: 1 

 

would be good if it is in the same syslog message, instead that every piece of information needs to be a separate syslog message.

How to link the messages together to renders it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in splunk.

thanks for your outputs

Showing results for 
Search instead for 
Did you mean: 

Recommended for You