This repository was archived by the owner on Nov 15, 2022. It is now read-only.
Is your feature request related to a problem? Please describe.
When a client is importing logs into Splunk, for example via LEC with SSH decoding enabled, multiple data chunks come into Splunk gathered into a decodedEvents[].data[] object. This makes it very hard to parse this information, and one has to click through and expand multiple data fields to find the needed information, like the SSH commands. There's also a lot of unneeded/garbage information that could be removed from this decoded SSH stream to make it cleaner.
Describe the solution you'd like
When exporting the decoded SSH data, format/package it into an easier-to-ingest format that log aggregators can display better. If possible, export the data into individual properties/fields that can be parsed more easily. The client is used to ingesting auditd logs, which are really easy to read/parse within Splunk, with an individual field for each property, for example.
Describe alternatives you've considered
N/A
Additional context
Example screenshot:
For more details and a zoom recording of issue explanation, please reach out to Nir.
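As an added example (not code from this issue or from the project), one way to package the decoded SSH data the way the request describes: reassemble the chunks under decodedEvents[].data[], strip terminal control sequences, and emit one flat record with one field per property. The event shape beyond decodedEvents[].data[], the sample values and the output field names are assumptions.

```python
import json
import re

# Constructed sample event in the shape the issue describes: several decoded SSH
# chunks gathered under decodedEvents[].data[]. All other keys are assumptions.
SAMPLE_EVENT = {
    "timestamp": "2022-01-01T00:00:00Z",
    "source": "10.0.0.5",
    "decodedEvents": [
        {"data": ["ls -l", "a\r\n", "cd /var/log\r\n"]},
        {"data": ["\x1b[0mcat sysl", "og\r\n"]},
    ],
}

# ANSI/VT100 escape sequences (colours, cursor moves) that clutter a decoded terminal stream.
ANSI_ESCAPE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")


def reassemble_stream(event):
    """Join every chunk of decodedEvents[].data[] back into one decoded SSH stream."""
    chunks = [c for ev in event.get("decodedEvents", []) for c in ev.get("data", [])]
    return "".join(chunks)


def clean_stream(stream):
    """Drop escape sequences and carriage returns so only the typed text remains."""
    return ANSI_ESCAPE.sub("", stream).replace("\r", "")


def flatten_event(event):
    """Build one flat record, auditd-style: scalar metadata plus one field per command."""
    commands = [ln for ln in clean_stream(reassemble_stream(event)).split("\n") if ln.strip()]
    record = {k: v for k, v in event.items() if k != "decodedEvents"}
    for i, cmd in enumerate(commands, 1):
        record[f"ssh_command_{i}"] = cmd
    record["ssh_command_count"] = len(commands)
    return record


def to_splunk_line(record):
    """Serialise the flat record as a single JSON line, which Splunk field-extracts automatically."""
    return json.dumps(record)


if __name__ == "__main__":
    print(to_splunk_line(flatten_event(SAMPLE_EVENT)))
```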