[Oisf-users] Suricata's files-json.log and Splunk

Marcos Rodriguez marcos.e.rodriguez at gmail.com
Sat Apr 21 03:20:08 UTC 2012


On Fri, Apr 20, 2012 at 11:01 PM, Martin Holste <mcholste at gmail.com> wrote:

> Check out the framework in the contrib/file_processor
> directory which demos how to do some interesting things with the JSON
> file.  If you want, I can code up a quick syslog forwarder plugin
> which would be suitable for sending to
> Splunk.
> ________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


Hi Martin,

Ah, nice! I would love it, that would be a great resource if it's not too
much trouble. I'm really liking the multi-site md5 correlation features.
Thanks for the insight!

marcos
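As an added example (not code from this thread, from Suricata, or from the contrib/file_processor framework Martin mentions), here is a small Python forwarder of the kind being discussed: it parses lines in the shape of Suricata's files-json.log, renders each record as an RFC 5424 syslog line carrying key=value pairs that Splunk extracts on its own, and performs the multi-site md5 correlation Marcos refers to by reporting hashes seen by more than one sensor. The sample log lines, sensor names, md5 values, the exact field names and the local0/info syslog priority are all assumptions made for the demo.

```python
import json
import socket
from collections import defaultdict
from datetime import datetime

# Constructed sample input: one JSON object per line, as files-json.log writes it.
# Field names are modelled on that format but are assumptions, not captured data;
# the non-JSON line stands in for a half-written tail line of a live log.
SAMPLE_LOGS = {
    "sensor-nyc": """\
{"timestamp": "04/20/2012-22:58:11.123456", "ipver": 4, "srcip": "10.0.1.5", "dstip": "203.0.113.9", "srcport": 49152, "dstport": 80, "http_host": "files.example.test", "http_uri": "/dl/setup.exe", "filename": "setup.exe", "magic": "PE32 executable", "state": "CLOSED", "md5": "3a7bd3e2360a3d29eea436fcfb7e44c8", "stored": true, "size": 10240}
this line is not json and must be skipped
{"timestamp": "04/20/2012-23:00:40.500000", "ipver": 4, "srcip": "10.0.1.5", "dstip": "198.51.100.4", "srcport": 49300, "dstport": 80, "http_host": "cdn.example.test", "http_uri": "/img/logo.png", "filename": "logo.png", "magic": "PNG image data", "state": "CLOSED", "md5": "9e107d9d372bb6826bd81d3542a419d6", "stored": false, "size": 2048}
""",
    "sensor-lon": """\
{"timestamp": "04/20/2012-22:59:02.000001", "ipver": 4, "srcip": "10.0.2.7", "dstip": "203.0.113.9", "srcport": 49200, "dstport": 80, "http_host": "files.example.test", "http_uri": "/dl/setup.exe", "filename": "setup.exe", "magic": "PE32 executable", "state": "CLOSED", "md5": "3a7bd3e2360a3d29eea436fcfb7e44c8", "stored": true, "size": 10240}
""",
}

FACILITY_LOCAL0 = 16   # assumed facility; pick whatever your Splunk input expects
SEVERITY_INFO = 6
FORWARDED_FIELDS = ("srcip", "srcport", "dstip", "dstport", "http_host",
                    "http_uri", "filename", "magic", "md5", "size", "stored")


def parse_files_log(text):
    """Parse files-json.log content. Malformed lines are counted and skipped
    instead of aborting the batch, so a partial tail line does not stall the
    forwarder. Returns (records, number_of_skipped_lines)."""
    records, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except ValueError:
            bad += 1
            continue
        if not isinstance(obj, dict) or "md5" not in obj or "timestamp" not in obj:
            bad += 1
            continue
        records.append(obj)
    return records, bad


def _suricata_ts_to_iso(ts):
    # files-json.log timestamps look like "MM/DD/YYYY-HH:MM:SS.ffffff";
    # the sensor clock is assumed to be UTC.
    return datetime.strptime(ts, "%m/%d/%Y-%H:%M:%S.%f").isoformat() + "Z"


def to_syslog(record, sensor, app="suricata-files"):
    """Render one file record as an RFC 5424 line. The MSG part is key="value"
    pairs, which Splunk's default field extraction picks up without a custom
    props/transforms configuration."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    kv = " ".join('%s="%s"' % (k, str(record.get(k, "")).replace('"', "'"))
                  for k in FORWARDED_FIELDS)
    return "<%d>1 %s %s %s - - - sensor=%s %s" % (
        pri, _suricata_ts_to_iso(record["timestamp"]), sensor, app, sensor, kv)


def correlate_md5(records_by_sensor):
    """Map each md5 to the sensors (sites) that saw it and return only the
    hashes observed at more than one site, the multi-site correlation case."""
    sites = defaultdict(set)
    for sensor, records in records_by_sensor.items():
        for rec in records:
            sites[rec["md5"]].add(sensor)
    return {md5: sorted(s) for md5, s in sites.items() if len(s) > 1}


def send_syslog(lines, host="127.0.0.1", port=514):
    """Ship rendered lines over UDP to a syslog/Splunk UDP input. Not called
    by run_demo(), so the example runs offline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))
    finally:
        sock.close()


def run_demo():
    """Parse every sample log, render syslog lines, and correlate md5s across
    sensors. Returns (syslog_lines, skipped_line_count, multi_site_md5s)."""
    parsed, skipped = {}, 0
    for sensor, text in SAMPLE_LOGS.items():
        records, bad = parse_files_log(text)
        parsed[sensor] = records
        skipped += bad
    lines = [to_syslog(r, s) for s, recs in parsed.items() for r in recs]
    return lines, skipped, correlate_md5(parsed)


if __name__ == "__main__":
    out_lines, skipped_count, multi = run_demo()
    for out in out_lines:
        print(out)
    print("skipped %d unparseable line(s)" % skipped_count)
    print("md5s seen at more than one site:", multi)
```

In a real deployment the three sample strings would be replaced by tailing each sensor's files-json.log, and `send_syslog` would point at the Splunk UDP (or TCP) input; the correlation step is what lets a single search show that the same md5 was downloaded at two sites.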