Snort mailing list archives
Re: snort -> barnyard2 -> splunk
From: VM PC <packetstack () gmail com>
Date: Wed, 27 Aug 2014 16:47:51 -0400
Yes it can. Use the following in barnyard2.conf:

# barnyard2.conf: ship full alerts over UDP syslog straight to the collector
output alert_syslog_full: sensor_name ips01-eth0:eth1, server 192.168.1.1, protocol udp, port 514

P.S. I am now using rsyslog, but can't remember why.

# barnyard2.conf: hand full alerts to the local syslog daemon on local1.info
output log_syslog_full: sensor_name ips01-eth0:eth1, local, log_priority LOG_INFO, log_facility LOG_LOCAL1

/etc/rsyslog.d/50-default.conf

#Alert Full
# keep a local copy, then forward to the collector (single @ = UDP)
local1.info /var/log/snort/snort_full
local1.info @192.168.1.1

On Wed, Aug 27, 2014 at 4:15 PM, Robert Millott <robm () millottandassociates com> wrote:
Anyone have some good suggestions on getting Snort into Splunk? I've seen some directions for snort -> barnyard2 -> syslog -> syslog-ng -> splunk, but I don't see the need for syslog. I've also seen snort -> splunk via alert_fast, but I already have barnyard2, and from what I hear, using barnyard2 will help optimize snort by relieving some of the processing it must do. Can barnyard2 send directly to splunk in a format splunk will understand is originally snort data?

--
Robert Millott
President, Millott and Associates
(443) 255-3588

------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
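Whichever transport the alerts take into Splunk (barnyard2 straight to a syslog port, or via rsyslog as in the reply above), Splunk still has to pull the Snort fields (gid/sid/rev, message, classification, priority, protocol and endpoints) out of the syslog payload before the events are searchable as Snort data. The Python below is an added example written for this archive page; it is not code from the thread, from barnyard2 or from Snort. It parses syslog lines in the classic Snort alert_syslog field layout, which is the same layout a Splunk field extraction would need to match. The sample lines, the host name ips01, the signature IDs and the regular expression are constructed assumptions; barnyard2's alert_syslog_full output differs in detail between versions, so verify the pattern against a real line from /var/log/snort/snort_full before relying on it.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample syslog lines (not taken from the thread) in the classic
# Snort/barnyard2 alert_syslog layout.  The exact layout barnyard2 emits depends
# on its version and output plugin, so check the pattern against a real line
# from /var/log/snort/snort_full before relying on it.
SAMPLE_LINES = [
    "Aug 27 16:47:51 ips01 snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE "
    "id check returned root [Classification: Potentially Bad Traffic] "
    "[Priority: 2]: {TCP} 192.168.1.50:80 -> 192.168.1.10:51234",
    "Aug 27 16:47:52 ips01 snort[1234]: [1:1000001:1] LOCAL ICMP ping sweep "
    "[Classification: Attempted Information Leak] [Priority: 2]: "
    "{ICMP} 10.0.0.5 -> 192.168.1.10",
    # A non-Snort line on the same facility: must be rejected, not mis-parsed.
    "Aug 27 16:47:53 ips01 sshd[999]: Accepted publickey for admin "
    "from 10.0.0.7 port 22",
]

# One named group per field Splunk should end up with.  Ports are optional so
# that ICMP alerts (no ports) parse as well as TCP/UDP ones.  IPv4 only.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]:?\s+"
    r"\{(?P<proto>[A-Za-z0-9-]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line: str) -> Optional[dict]:
    """Return the Snort fields of one syslog line, or None if it is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        fields[key] = int(fields[key])
    for key in ("sport", "dport"):
        fields[key] = int(fields[key]) if fields[key] is not None else None
    return fields


def parse_lines(lines):
    """Parse a batch of syslog lines, skipping lines that are not Snort alerts."""
    return [a for a in map(parse_alert, lines) if a is not None]


def count_by_signature(alerts):
    """Counter keyed by (gid, sid): the same roll-up a Splunk 'stats count by sid' gives."""
    return Counter((a["gid"], a["sid"]) for a in alerts)


if __name__ == "__main__":
    parsed = parse_lines(SAMPLE_LINES)
    for alert in parsed:
        print(f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] prio={alert['priority']} "
              f"{alert['proto']} {alert['src']}:{alert['sport']} -> "
              f"{alert['dst']}:{alert['dport']}  {alert['msg']}")
    print(count_by_signature(parsed))
```

Because the pattern uses named groups, the same expression can be carried over to a Splunk field extraction, which takes PCRE named groups written as (?<name>...) rather than Python's (?P<name>...). A line that does not match, such as the sshd line in the constructed sample, comes back as None instead of being mis-parsed, which is the behaviour you want when the local1 facility is shared with other daemons.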
Current thread:
- snort -> barnyard2 -> splunk Robert Millott (Aug 27)
- Re: snort -> barnyard2 -> splunk Shirkdog (Aug 27)
- Re: snort -> barnyard2 -> splunk VM PC (Aug 27)