A Splunk technology add-on (TA) to collect and parse WireGuard logs.
On forwarders, the TA ingests and parses WireGuard debug log events.
WireGuard kernel log events written to systemd-journald or to a syslog file at /var/log/wireguard are indexed.
On the search head, the TA parses those events at search time and adds various metadata fields.
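As an illustration of the kind of search-time field extraction described above, here is a small Python parser for WireGuard kernel debug messages. It is an added example, not code from the TA or its developer: the sample log lines are constructed (their message texts are modelled on the WireGuard kernel module's debug output, the host, peer numbers and addresses are made up), and the event and field names (wg_event, peer_id, endpoint_ip, ...) are this example's own assumptions rather than the TA's field schema.

```python
import re

# Constructed sample input for this example (syslog-style lines as rsyslog would write them).
# The message texts are modelled on the WireGuard kernel module's debug output; the
# hostname, interface, peer numbers and addresses are made up. The last line is not a
# WireGuard event and shows that unrelated lines are skipped.
SAMPLE_LOG = """\
Jan 12 10:00:01 vpn-gw kernel: wireguard: wg0: Receiving handshake initiation from peer 3 (203.0.113.7:51820)
Jan 12 10:00:01 vpn-gw kernel: wireguard: wg0: Sending handshake response to peer 3 (203.0.113.7:51820)
Jan 12 10:00:01 vpn-gw kernel: wireguard: wg0: Keypair 12 created for peer 3
Jan 12 10:00:09 vpn-gw kernel: wireguard: wg0: Invalid handshake initiation from 198.51.100.42:40000
Jan 12 10:00:30 vpn-gw kernel: wireguard: wg0: Handshake for peer 5 (192.0.2.9:51820) did not complete after 5 seconds, retrying (try 2)
Jan 12 10:00:31 vpn-gw sshd[812]: Accepted publickey for ops from 192.0.2.20 port 52210
"""

# The kernel prefixes every message with "wireguard: <interface>: "; whatever precedes it
# (syslog timestamp, host, "kernel:") is ignored, so journald and file sources parse alike.
WG_MSG = re.compile(r"wireguard: (?P<interface>[^:\s]+): (?P<message>.*)$")

# Event names and field names below are this example's own assumptions, not the TA's schema.
EVENT_PATTERNS = [
    ("handshake_initiation_received",
     re.compile(r"Receiving handshake initiation from peer (?P<peer_id>\d+) \((?P<endpoint>[^)]+)\)")),
    ("handshake_initiation_sent",
     re.compile(r"Sending handshake initiation to peer (?P<peer_id>\d+) \((?P<endpoint>[^)]+)\)")),
    ("handshake_response_sent",
     re.compile(r"Sending handshake response to peer (?P<peer_id>\d+) \((?P<endpoint>[^)]+)\)")),
    ("keypair_created",
     re.compile(r"Keypair (?P<keypair_id>\d+) created for peer (?P<peer_id>\d+)")),
    ("invalid_handshake_initiation",
     re.compile(r"Invalid handshake initiation from (?P<endpoint>\S+)")),
    ("handshake_retry",
     re.compile(r"Handshake for peer (?P<peer_id>\d+) \((?P<endpoint>[^)]+)\) did not complete "
                r"after (?P<timeout_s>\d+) seconds, retrying \(try (?P<attempt>\d+)\)")),
]

INT_FIELDS = ("peer_id", "keypair_id", "timeout_s", "attempt")


def split_endpoint(endpoint):
    """Split 'ip:port' or '[v6]:port' into (ip, port); the port becomes an int."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_wireguard_line(line):
    """Return a dict of extracted fields, or None if the line is not a WireGuard event."""
    m = WG_MSG.search(line)
    if m is None:
        return None
    fields = {"interface": m.group("interface"), "wg_event": "other"}
    message = m.group("message")
    for event, pattern in EVENT_PATTERNS:
        pm = pattern.match(message)
        if pm:
            fields["wg_event"] = event
            fields.update(pm.groupdict())
            break
    if "endpoint" in fields:
        fields["endpoint_ip"], fields["endpoint_port"] = split_endpoint(fields["endpoint"])
    for name in INT_FIELDS:
        if name in fields:
            fields[name] = int(fields[name])
    return fields


def parse_log(text):
    """Parse every line of a log; lines that are not WireGuard events are dropped."""
    return [f for f in map(parse_wireguard_line, text.splitlines()) if f is not None]


def invalid_handshake_sources(events):
    """Count invalid handshake initiations per source IP. Configured peers do not
    produce these, so a steady stream from one address is worth investigating."""
    counts = {}
    for ev in events:
        if ev["wg_event"] == "invalid_handshake_initiation":
            counts[ev["endpoint_ip"]] = counts.get(ev["endpoint_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ev in events:
        print(ev)
    print(invalid_handshake_sources(events))
```

The parser keys on the "wireguard: <interface>: " prefix the kernel module puts on every message, so it does not care whether the line came from journalctl output or from a syslog file; messages it does not recognise still get the interface field and a wg_event of "other" rather than being lost.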
The TA requires a Linux operating system.
The instructions (in Splunkbase) assume that systemd, journald and rsyslog are used on the monitored distribution.
As of TA-wg v1.0.0, journald is the preferred ingestion vector.
Splunk version 9.1+ is required for [journald://] inputs.
If your distribution does not use systemd or uses a version of Splunk prior to 9.1, check the installation instructions for more information.
The TA was developed by Frank Wayne.
Contact the developer with questions, bug reports or change requests. You can also refer to, or contribute to, the GitHub repository.