[Oisf-users] Fwd: Eve JSON vs Normal Logs

Cooper F. Nelson cnelson at ucsd.edu
Thu Jan 3 15:33:50 UTC 2019

I use both.

It's very helpful to have the standard 'fast' logs to just run ad hoc
queries against and as a backup if there is a problem with Splunk.

On 12/26/2018 10:38 PM, David Decker wrote:
> Question: Is there a reason to opt to use the normal logs vice eve
> json? Data will be going to Splunk. Taking over some work, and trying
> to understand the reasoning.

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
