Correction on Sourcetype Configuration for FortiMail Events in SC4S Documentation #2352
Closed
PricklyPotato started this conversation in Show and tell
Replies: 0 comments
Hello,
I've identified a small discrepancy in the SC4S documentation regarding the configuration for FortiMail event data. In the current SC4S documentation (available at https://splunk.github.io/splunk-connect-for-syslog/3.21.0/sources/vendor/Fortinet/fortimail/), it instructs users to add an underscore (_) at the end of the sourcetype for FortiMail.
However, I found that the correct sourcetype configuration to properly send FortiMail event data does not include the underscore. The accurate sourcetype should be as follows:
fortinet_fortimail
The presence of the underscore seems to be a typographical error. I am attaching an image from the manual for reference. This correction could potentially help others who are attempting to set up FortiMail with SC4S.
Could the documentation be updated to reflect this correct sourcetype configuration?
Thank you for looking into this matter.
Best regards,
PricklyPotato