[Bro] Bro +Splunk

Brandon Lattin latt0050 at umn.edu
Thu Nov 5 07:21:10 PST 2015


Splunk universal forwarders monitoring the files you're interested (those
in the ./current directory) on the Bro cluster master.

The Splunk TA for Bro on the search head(s), indexer(s), and on the Bro
cluster master (https://splunkbase.splunk.com/app/1617/). I highly suggest
forking it and removing the Splunk_TA_Bro/default/inputs.conf and building
your own.


That should get you started.

On Thu, Nov 5, 2015 at 6:52 AM, Monah Baki <monahbaki at gmail.com> wrote:

> Hi all,
>
> Any good documentation for newbies as to how to send bro logs to a
> remote splunk server?
> What's the requirements on both sides and what files needs to be
> touched on the bro to send the logs to the remote splunk server.
> I know I installed from the splunk app the "Splunk add on for bro ids"
>
> Thanks
> Monah
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>



-- 
Brandon Lattin
Security Analyst
University of Minnesota - University Information Security
Office: 612-626-6672
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151105/e64de3c7/attachment.html 


More information about the Bro mailing list