TA-linux_iptables v1.3.8

• Added sample configuration for the syslog sourcetype if IPtable data is mixed with syslog data.
• Updated log_prefix field extraction to consider log prefixes surrounded with quotes.

TA-linux_iptables v1.3.7

• fixed incorrect app value for UFW events - #5
• updated regex for different UFW log formats - #8

TA-linux_iptables v1.3.6

Notice:
This updated simplifies the number of sourcetypes down to a single sourcetype (linux:iptables). Any existing reports/alerts/views that are utilizing the old sourcetypes ("linux:iptables:ufw" or "linux:iptables:firewalld") will be impacted. Verify before updating to this version.

• added support for firewalld rich rules - #2
• updated to only use the single sourcetype, 'linux:iptables'
• updated action lookup to use wildcards

TA-linux_iptables v1.3.5

New

• Adding support for Splunk Cloud