<p dir="ltr">With all of this discussion about JSON, I will see if the guide applies to Splunk 6 (adapt as necessary).</p>
<p dir="ltr">My issue is always the same:</p>
<p dir="ltr">Full Packet Capture or GTFO</p>
<div class="gmail_quote">On Mar 25, 2014 12:36 PM, "Cooper F. Nelson" <<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
The current version of logstash is 1.4.0 and does not work with this<br>
guide. Would it be possible to get it updated?<br>
<br>
I'll offer to help in any way possible, with the caveat that I haven't<br>
been able to get it to work myself.<br>
<br>
On 3/25/2014 3:41 AM, Victor Julien wrote:<br>
<br>
><br>
> The Eve log allows for easy 3rd party integration. It has been created<br>
> with Logstash in mind specifically and we have a quick setup guide here<br>
> <a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output</a><br>
><br>
><br>
<br>
<br>
<br>
- --<br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ACT Security Team<br>
<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (MingW32)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQEcBAEBAgAGBQJTMbBgAAoJEKIFRYQsa8FW4JgH/RSp0G99X3CV2rDfqvvCR91O<br>
mc6wR0QGWBYJEAOSK4trEdWHzTyxF6V2d7DtHmg7Wuw4shR5q44PCAYpmhJuJOGF<br>
Pc5OgZzOVL9e8k1QdIBfX+L+YQ6j8jIyE9diwQ6/I+IMDNpkAGu+FLQxGsVXd1qx<br>
ejw5G8VZKDGWWcZX8Aotqp6GZK25g3bFKoHO0no2tukF7UuLQCg7jL+8FzrLKlj7<br>
N4XwAtc9ik7aUMbP64HUEFde+Yf8mgUbjasqO0N4gk55pT2IhkUMgfE1Mq6vmDc5<br>
+5qH1/kQ9iTjLvOyHo8S4SwtHKS9FkJVljPSeLmuZj9YwOZPANR0h9uyBK5HdUE=<br>
=4nH8<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</blockquote></div>