[Oisf-users] Send Suricata's log to Splunk

Ted Skinner tskinner at comcast.net
Thu Mar 20 09:48:42 UTC 2014

Using a Splunk universal forwarder installed on your suricata server is
going to be the best method if you want to assure no loss of logging
information. Then you will want to configure an inputs.conf file on the
universal forwarder with a file monitor to monitor the directory with your
suricata logs. Then on the Splunk server you would configure all of your
field extractions, tagging and other knowledge objects associated with your
suricata events.
From: oisf-users-bounces at lists.openinfosecfoundation.org
[mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of
Sent: Thursday, March 20, 2014 1:54 AM
To: oisf-users
Subject: [Oisf-users] Send Suricata's log to Splunk


Hi all,

Has anybody successfully sent Suricata's log to Splunk without losing

Who could provide me a detailed document or a solution to integrate with


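The forwarder-side file monitor and the server-side field extraction that the reply above outlines, written out as an added example (not from the thread or from Splunk's own documentation). Paths, the index name, the sourcetype name and the indexer hostname are assumptions, and it assumes Suricata's EVE JSON output is enabled.

```ini
# Added example (not from the original thread). Paths, index name,
# sourcetype and indexer hostname are assumptions; adjust to your deployment.

# --- On the Suricata host: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# File monitor on the Suricata log directory. Only the EVE JSON output is
# picked up here (assumes eve-log is enabled in suricata.yaml); fast.log and
# the per-protocol text logs would duplicate what EVE already carries.
[monitor:///var/log/suricata]
whitelist = eve\.json$
sourcetype = suricata:eve
index = ids
disabled = false

# --- On the Suricata host: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Indexer acknowledgement makes the forwarder keep a block until the indexer
# confirms it was written, so events survive a network or indexer outage
# instead of being dropped; size the queue to cover the expected outage.
[tcpout]
defaultGroup = primary_indexers
useACK = true
maxQueueSize = 100MB

[tcpout:primary_indexers]
server = splunk-indexer.example.internal:9997

# --- On the Splunk indexer / search head: props.conf ---
# Each EVE record is one JSON object per line. Take the event time from the
# record's own "timestamp" field rather than the arrival time, never merge
# lines into multi-line events, and extract the JSON fields at search time so
# event_type, src_ip, dest_port, alert.signature etc. are usable without
# hand-written per-field regexes.
[suricata:eve]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TRUNCATE = 100000
TIME_PREFIX = \"timestamp\":\s*\"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%6N%z
MAX_TIMESTAMP_LOOKAHEAD = 40
KV_MODE = json
```

After deploying, a quick completeness check is to compare `wc -l` on eve.json over a fixed window against the event count Splunk returns for the same sourcetype and time range; a persistent gap points at the forwarder queue or acknowledgement settings.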