[Oisf-users] Send Suricata's log to Splunk

Ted Skinner tskinner at comcast.net
Thu Mar 20 09:48:42 UTC 2014


Using a Splunk universal forwarder installed on your Suricata server is
going to be the best method if you want to ensure no loss of logging
information. Then you will want to configure an inputs.conf file on the
universal forwarder with a file monitor to monitor the directory with your
Suricata logs. Then on the Splunk server you would configure all of your
field extractions, tagging and other knowledge objects associated with your
Suricata events.

-Ted
From: oisf-users-bounces at lists.openinfosecfoundation.org
[mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of
(peter)
Sent: Thursday, March 20, 2014 1:54 AM
To: oisf-users
Subject: [Oisf-users] Send Suricata's log to Splunk

Hi all,

Has anybody successfully sent Suricata's logs to Splunk without losing
logs?

Who could provide me with a detailed document or a solution to integrate with
Splunk?

Thanks,
peter
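The configuration Ted's reply outlines, written out as an added example (not from this thread, nor from the Suricata or Splunk projects): inputs.conf and outputs.conf on the universal forwarder, with indexer acknowledgement (useACK) covering the "no loss" requirement, and props.conf, eventtypes.conf and tags.conf on the Splunk server for the field extractions and tagging. The log directory /var/log/suricata, the index name ids, and the indexer address splunk-indexer.example.com are assumptions.

```ini
# ===== Suricata host, universal forwarder: $SPLUNK_HOME/etc/system/local/inputs.conf =====
# One stanza per log file so each gets its own sourcetype and timestamp rules.
[monitor:///var/log/suricata/eve.json]
disabled = false
index = ids
sourcetype = suricata:eve

[monitor:///var/log/suricata/fast.log]
disabled = false
index = ids
sourcetype = suricata:fast

# ===== Suricata host, universal forwarder: outputs.conf =====
# useACK makes the forwarder wait for the indexer to confirm it wrote the data,
# so events are not dropped if the indexer or the connection goes away.
[tcpout]
defaultGroup = indexers

[tcpout:indexers]
server = splunk-indexer.example.com:9997
useACK = true

# ===== Splunk indexer / search head: props.conf =====
# EVE is one JSON object per line; KV_MODE=json extracts every field at search time.
[suricata:eve]
SHOULD_LINEMERGE = false
TRUNCATE = 0
KV_MODE = json
TIME_PREFIX = "timestamp":"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%6N%z
MAX_TIMESTAMP_LOOKAHEAD = 32

# fast.log lines look like:
# 03/20/2014-09:48:42.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 1.2.3.4:80 -> 5.6.7.8:54321
[suricata:fast]
SHOULD_LINEMERGE = false
TIME_FORMAT = %m/%d/%Y-%H:%M:%S.%6N
MAX_TIMESTAMP_LOOKAHEAD = 26
EXTRACT-fast_fields = ^\S+\s+\[\*\*\]\s+\[(?<gid>\d+):(?<sid>\d+):(?<rev>\d+)\]\s+(?<signature>.+?)\s+\[\*\*\].*?\[Priority:\s+(?<priority>\d+)\]\s+\{(?<proto>\w+)\}\s+(?<src_ip>\S+?):(?<src_port>\d+)\s+->\s+(?<dest_ip>\S+?):(?<dest_port>\d+)$

# ===== Splunk search head: eventtypes.conf and tags.conf =====
[suricata_alert]
search = sourcetype=suricata:eve event_type=alert

[eventtype=suricata_alert]
ids = enabled
attack = enabled
```

Restart the forwarder after editing inputs.conf/outputs.conf; the eventtypes.conf and tags.conf stanzas belong in separate files despite being shown in one listing here.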
