[Oisf-users] Fwd: Eve JSON vs Normal Logs
Cooper F. Nelson
cnelson at ucsd.edu
Thu Jan 3 15:33:50 UTC 2019
I use both.
It's very helpful to have the standard 'fast' logs to just run adhoc
queries against and as a backup if there is a problem with splunk.
On 12/26/2018 10:38 PM, David Decker wrote:
>
> Question: Is there a reason to opt to youse the normal logs vice eve
> json? Data will be going to Splunk. Taking over some work, and trying
> to understand the reasoning.
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190103/20e92a08/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190103/20e92a08/attachment.sig>
More information about the Oisf-users
mailing list