We have updated our Terms of Service, Code of Conduct, and Addendum.

Using cribl TCP source can we whitelist IP addresses

Hey All,

Trying to setup TCP source to onboard our vendor saas logs in to our onprem splunk. With Cribl can we do IP whitelisting for the TCP source and allow only certain IPs instead of opening it up to public. My setup is onprem so want to see if there are possibilities available in the cribl side.

Tagged:

Comments

  • Tony Reinke
    Tony Reinke Posts: 10

    In Sources > TCP, under Configure > Advanced Settings, there is a section "IP Allowlist Regex".

    https://docs.cribl.io/stream/sources-tcp-raw/#advanced-settings

    IP allowlist regex
    : Regex matching IP addresses that are allowed to establish a connection. Defaults to .* (i.e,. all IPs).