[Oisf-users] Suricata 2.0 Available!

Victor Julien lists at inliniac.net
Tue Mar 25 16:46:07 UTC 2014


On 03/25/2014 05:40 PM, Shirkdog wrote:
> With all of this discussion about JSON, I will see if the guide
> applies to Splunk 6 (adapt as necessary).

Eric has tried Splunk, check his post here:
https://home.regit.org/2014/03/suricata-ulogd-splunk-logstash/

> My issue is always the same:
> 
> Full Packet Capture or GTFO

For sure. I don't see this log and the whole logstash console as a
replacement for something like sguil or snorby, but I think it's all
complementary. Full packet capture is definitely very important!

Cheers,
Victor


> On Mar 25, 2014 12:36 PM, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
> 
> The current version of logstash is 1.4.0 and does not work with
> this guide.  Would it be possible to get it updated?
> 
> I'll offer to help in any way possible, with the caveat that I
> haven't been able to get it to work myself.
> 
> On 3/25/2014 3:41 AM, Victor Julien wrote:
>
>> The Eve log allows for easy 3rd party integration. It has been
>> created with Logstash in mind specifically and we have a quick
>> setup guide here
>>
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



