cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
517
Views
0
Helpful
0
Replies
dpinard
Beginner

IRONPORT Logging (Trimming?)

We currently have 2 IronPort (S370) Proxy servers that through the GUI (System Administration / Log Subscription) we FTP our logs to a SPLUNK server for archiving / reporting.

Our splunk server has a 3GB daily indexing limit which has been exceeded 9 times in the last month.

Is there a way to customize the log data for which I am only interested in?  I know through the GUI, we can add fields to be logged but I suspect whats being logged by default is already the minimum.

Is this log customization possible or do I need to open up my wallet and purchase a larger SPLUNK license?

Thanks in advance.

0 REPLIES 0
Content for Community-Ad
This widget could not be displayed.