[Oisf-users] Suricata's files-json.log and Splunk

Martin Holste mcholste at gmail.com
Sat Apr 21 03:01:19 UTC 2012


Check out the framework in the contrib/file_processor
directory which demos how to do some interesting things with the JSON
file.  If you want, I can code up a quick syslog forwarder plugin
which would be suitable for sending to Splunk.

On Fri, Apr 20, 2012 at 4:52 PM, Marcos Rodriguez
<marcos.e.rodriguez at gmail.com> wrote:
> Hi Everyone,
>
> Just out of curiosity, has anyone played with ingesting files-json.log into
> Splunk?  If so, how is that working out?   I may play around with that,
> since we're a Splunk shop for part of our research activities.  I just
> wanted to see how people are using the new JSON output.  Thanks!
>
> marcos
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
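A minimal forwarder of the kind Martin offers above, added here as an example (it is not the contrib/file_processor code or anything posted on the list): it reads files-json.log one JSON event per line, wraps each event in an RFC 3164 style syslog message and sends it over UDP to a Splunk syslog input. The sample lines are constructed; their field names follow Suricata 1.x's file logger, and the sensor hostname, tag, collector host and port are assumptions.

```python
import json
import socket
from datetime import datetime

# Constructed sample lines in the shape of Suricata's files-json.log
# (one JSON object per line); the second line is a deliberately
# truncated/garbage line of the kind a tailer can read mid-write.
SAMPLE_LINES = [
    '{"timestamp": "04/20/2012-16:52:01.123456", "ipver": 4, '
    '"srcip": "10.0.0.5", "dstip": "198.51.100.7", "protocol": 6, '
    '"sp": 51234, "dp": 80, "http_uri": "/update.exe", '
    '"http_host": "example.test", "filename": "update.exe", '
    '"magic": "PE32 executable (GUI) Intel 80386, for MS Windows", '
    '"state": "CLOSED", "md5": "d41d8cd98f00b204e9800998ecf8427e", '
    '"stored": true, "size": 2048}',
    '{"timestamp": "04/20/2012-16:52:02.0', 
]

FACILITY_LOCAL0 = 16  # syslog facility local0
SEVERITY_INFO = 6     # syslog severity informational


def to_syslog(line, stamp=None, hostname="sensor1", tag="suricata-files"):
    """Turn one files-json.log line into a '<PRI>TIMESTAMP HOST TAG: JSON' message.

    Returns None for lines that are not complete JSON objects so the caller
    can skip (or retry) them instead of forwarding garbage. The JSON body is
    re-serialised compactly but otherwise intact, so Splunk can still pull
    out md5, magic, http_host etc. with its JSON field extraction.
    """
    try:
        event = json.loads(line)
    except ValueError:
        return None
    if not isinstance(event, dict):
        return None
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO  # 134
    if stamp is None:
        stamp = datetime.now().strftime("%b %d %H:%M:%S")
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, body)


def forward(lines, host="127.0.0.1", port=514):
    """Send every well-formed line as one UDP syslog datagram; returns the count sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for line in lines:
        msg = to_syslog(line)
        if msg is not None:
            sock.sendto(msg.encode("utf-8"), (host, port))
            sent += 1
    sock.close()
    return sent
```

In production the `lines` argument would come from a tail-style reader on files-json.log, and the collector would be the UDP port configured on Splunk's syslog input.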


