
<p dir="ltr">With all of this discussion about JSON, I will see if the guide applies to Splunk 6 (adapt as necessary).</p>

<p dir="ltr">My issue is always the same:</p>

<p dir="ltr">Full Packet Capture or GTFO</p>

<div class="gmail_quote">On Mar 25, 2014 12:36 PM, "Cooper F. Nelson" <<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

-----BEGIN PGP SIGNED MESSAGE-----<br>

Hash: SHA1<br>

<br>

The current version of logstash is 1.4.0 and does not work with this<br>

guide.  Would it be possible to get it updated?<br>

<br>

I'll offer to help in any way possible, with the caveat that I haven't<br>

been able to get it to work myself.<br>

<br>

On 3/25/2014 3:41 AM, Victor Julien wrote:<br>

<br>

><br>

> The Eve log allows for easy 3rd party integration. It has been created<br>

> with Logstash in mind specifically and we have a quick setup guide here<br>

> <a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output</a><br>


><br>

><br>

<br>

<br>

<br>

- --<br>

Cooper Nelson<br>

Network Security Analyst<br>

UCSD ACT Security Team<br>

<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042<br>

-----BEGIN PGP SIGNATURE-----<br>

Version: GnuPG v2.0.17 (MingW32)<br>

Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>

<br>

iQEcBAEBAgAGBQJTMbBgAAoJEKIFRYQsa8FW4JgH/RSp0G99X3CV2rDfqvvCR91O<br>

mc6wR0QGWBYJEAOSK4trEdWHzTyxF6V2d7DtHmg7Wuw4shR5q44PCAYpmhJuJOGF<br>

Pc5OgZzOVL9e8k1QdIBfX+L+YQ6j8jIyE9diwQ6/I+IMDNpkAGu+FLQxGsVXd1qx<br>

ejw5G8VZKDGWWcZX8Aotqp6GZK25g3bFKoHO0no2tukF7UuLQCg7jL+8FzrLKlj7<br>

N4XwAtc9ik7aUMbP64HUEFde+Yf8mgUbjasqO0N4gk55pT2IhkUMgfE1Mq6vmDc5<br>

+5qH1/kQ9iTjLvOyHo8S4SwtHKS9FkJVljPSeLmuZj9YwOZPANR0h9uyBK5HdUE=<br>

=4nH8<br>

-----END PGP SIGNATURE-----<br>

_______________________________________________<br>

Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>

Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>

List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>

OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>

</blockquote></div>