Ingesting data in LEEF

Hello Everyone,

Does DNIF version 9 support LEEF format? I have few devices that are unable to send data in Syslog so I am stuck here.

Can someone please guide me here.

Hi John,

DNIFv9 does support collection of LEEF and CEF formatted logs over UDP, TCP and TLS Syslog. We already ship with multiple LEEF-based extractors out of the box and it’s pretty easy to tweak them or create a new one.

Regards,
Nikhil

2 Likes

Thanks @nikhil - On which port should I forward LEEF logs to on PICO? Can i forward on same port to Adapter as well?

1 Like

PICO supports UDP Log Collection on Port 514.

1 Like

Does it support TCP as well on 514 for LEEF? I have few devices that forward only in TCP over LEEF in TCP. To name a few, Zscalar PA

BTW, any idea on forwarding in CSV or JSON? On which port do i send these on PICO?

The log format has no bearing on log transport. LEEF, CEF, CSV, JSON logs can be transported over UDP, TCP, TLS, Beats via Filebeat or any other protocol supported by the Adapter. The current release of PICO only supports UDP transport though.

1 Like