Skip to content

Commit

Permalink
docs: update destinations.md (#2578)
Browse files Browse the repository at this point in the history
  • Loading branch information
mstopa-splunk authored Sep 12, 2024
1 parent 9089665 commit 90337ff
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/destinations.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ You can configure Splunk Connect for Syslog to use any destination available in
* RFC5424 Syslog,
* and Legacy BSD Syslog.

**Note:** Some external SIEM systems do not correctly parse host information. Instead of extracting the host from the message, they immediately rely on the header. SC4S, as a relay, places its own IP address in the UDP or TCP header, which is the correct behavior. In this situation, the SIEM may display the SC4S IP as the source IP, but this is not a fault of SC4S.

# HEC destination

## Configuration options
Expand Down Expand Up @@ -34,8 +36,6 @@ Compression affects the content but does not affect the HTTP headers. Enable bat

The use of "syslog" as a network protocol has been defined in Internet Engineering Task Force standards RFC5424, RFC5425, and RFC6587.

**Note**: SC4S sending messages to a syslog destination behaves like a relay. This means overwriting some original information, for example the original source IP.

## Configuration options

| Variable | Values | Description |
Expand Down

0 comments on commit 90337ff

Please sign in to comment.