
parser for log source Sucuri #2460

Open
narsree1 opened this issue May 13, 2024 · 2 comments

Comments

@narsree1

**What is the sc4s version?** 3.23.0

**Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?** No

**What is the vendor name?** Sucuri

**What's the product name?** WAF

**If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?** index: Sucuri, sourcetype: sucuri:alert

**Do you have syslog documentation or a manual for that device?** https://docs.sucuri.net/website-firewall/configuration/integrating-with-splunk/

**Feature Request description:** create a parser to parse events for Sucuri

**Do you want to have it for local usage or prepare a GitHub PR?** local usage

@mstopa-splunk
Contributor

Hi @narsree1, the log format provided in the attached documentation doesn't seem to be right, and they provided only one example. Can you fetch more examples into a pcap file?

@ikheifets-splunk
Contributor

ikheifets-splunk commented May 27, 2024

It seems that we haven't had any activity during the last 2 weeks.
@narsree1, can you please share a pcap file (with the logs that your Sucuri device is producing)? You can send it to me by email at ikheifets@splunk.com

Labels: None yet
Projects: None yet
Development: No branches or pull requests

3 participants