[Oisf-users] Suricata's files-json.log and Splunk

Victor Julien victor at inliniac.net
Sat Apr 21 08:59:06 UTC 2012

On 04/21/2012 05:20 AM, Marcos Rodriguez wrote:
> On Fri, Apr 20, 2012 at 11:01 PM, Martin Holste <mcholste at gmail.com
> <mailto:mcholste at gmail.com>> wrote:
>     Check out the framework in the contrib/file_processor
>     directory which demos how to do some interesting things with the JSON
>     file.  If you want, I can code up a quick syslog forwarder plugin
>     which would be suitable for sending to
>     Splunk.
> Hi Martin,
> Ah, nice!  I would love it, that would be a great resource if it's not
> too much trouble.  I'm really liking the multi-site md5 correlation
> features.  Thanks for the insight!  

If you get it working please consider posting about it on our
documentation wiki.

Also, if you create scripts for it I'd be happy to include them in our
contrib directory.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
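A minimal forwarder of the kind Martin describes, added here as an illustration; it is not the contrib/file_processor code or anything posted in this thread. The files-json.log field names in the constructed sample, the sensor hostname and the collector address are assumptions.

```python
import json
import socket
from collections import defaultdict

# Constructed sample lines in the shape of Suricata's files-json.log.
# Field names are assumed for this example; check a real log before relying on them.
SAMPLE_LINES = [
    '{"timestamp":"04/21/2012-08:59:06.000001","srcip":"10.0.0.5","dstip":"192.0.2.10",'
    '"http_host":"example.invalid","http_uri":"/setup.exe","filename":"setup.exe",'
    '"magic":"PE32 executable","md5":"d41d8cd98f00b204e9800998ecf8427e","size":1024}',
    'not json at all',  # a truncated or corrupt line must not stop the forwarder
]
FACILITY_LOCAL0, SEVERITY_INFO = 16, 6  # syslog PRI = facility * 8 + severity


def parse_record(line, site):
    """Decode one log line; return None for anything that is not a file record."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    # Tag the record with the sensor site so md5 sums can be correlated later.
    return dict(rec, site=site) if isinstance(rec, dict) and "md5" in rec else None


def to_syslog(rec, hostname="sensor1"):
    """Build an RFC 5424 line; the JSON body stays machine-parseable for Splunk."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    body = json.dumps(rec, separators=(",", ":"), sort_keys=True)
    return "<%d>1 - %s suricata - files - %s" % (pri, hostname, body)


def forward(lines, site, collector=None):
    """Parse lines for one site; send each record to collector=(host, port) over UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) if collector else None
    records, skipped = [], 0
    for line in lines:
        rec = parse_record(line, site)
        if rec is None:
            skipped += 1  # count bad lines instead of crashing the tail loop
            continue
        if sock:
            sock.sendto(to_syslog(rec).encode("utf-8"), collector)
        records.append(rec)
    return records, skipped


def correlate_md5(records):
    """md5 -> sorted list of sites that saw it, for hashes seen at more than one site."""
    sites = defaultdict(set)
    for rec in records:
        sites[rec["md5"]].add(rec["site"])
    return {h: sorted(s) for h, s in sites.items() if len(s) > 1}
```

Pass `collector=("splunk.example.invalid", 514)` to actually send; with no collector the function only parses and tags, which is handy for testing the parser against a real log file.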
