[Bro] Bro +Splunk

Patrick Kelley pkelley at hyperionavenue.com
Thu Nov 5 07:33:19 PST 2015


Yes, it is.  Just register for a Splunk account, which is free.

https://www.splunk.com/page/sign_up?redirecturl=http://www.splunk.com/en_us/download/universal-forwarder.html

Once you register using the link above, it should send you to the free
download.

On Thu, Nov 5, 2015 at 7:31 AM, Monah Baki <monahbaki at gmail.com> wrote:

> Hi Patrick,
>
> http://www.splunk.com/en_us/download/universal-forwarder.html Can't find
> a link to download the universal forwarder. Is it free?
>
> Thanks
> Monah
>
> On Thu, Nov 5, 2015 at 10:18 AM, Patrick Kelley <
> pkelley at hyperionavenue.com> wrote:
>
>> Yes!  Use the Splunk Universal Forwarder and monitor the
>> "/usr/local/bro/logs/current" folder.  Make sure you configure Splunk to
>> receive the data.   This can be done under settings.
>>
>> *Instructions*
>>
>> Install the forwarder -
>>
>> http://www.splunk.com/en_us/download/universal-forwarder.html
>>
>> Add the location of your Splunk server -
>> ./splunk add forward-server 172.0.0.20:9997
>>
>> Add the monitor command -
>> ./splunk add monitor /usr/local/bro/logs/current
>>
>> That's it.
>>
>> On Thu, Nov 5, 2015 at 4:52 AM, Monah Baki <monahbaki at gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> Any good documentation for newbies as to how to send bro logs to a
>>> remote splunk server?
>>> What's the requirements on both sides and what files needs to be
>>> touched on the bro to send the logs to the remote splunk server.
>>> I know I installed from the splunk app the "Splunk add on for bro ids"
>>>
>>> Thanks
>>> Monah
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>
>>
>>
>> --
>>
>> Patrick Kelley, CEH
>> Hyperion Avenue Labs
>> http://www.hyperionavenue.com
>> 951.291.8310
>>
>> *The limit to which you have accepted being comfortable is the limit to
>> which you have grown. Accept new challenges as an opportunity to enrich
>> yourself and not as a point of potential failure.*
>>
>>
>>
>


-- 

Patrick Kelley, CEH
Hyperion Avenue Labs
http://www.hyperionavenue.com
951.291.8310

*The limit to which you have accepted being comfortable is the limit to
which you have grown. Accept new challenges as an opportunity to enrich
yourself and not as a point of potential failure.*
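The forwarder and receiver setup sketched in the quoted instructions, written out as the Splunk .conf stanzas the two "./splunk add ..." commands create, plus the receiving-side stanza on the indexer. This is an added example, not part of the thread; the index name, the sourcetype and the scratch directories are assumptions.

```shell
#!/bin/sh
# Added example: generate the Splunk configuration equivalent to
#   ./splunk add forward-server 172.0.0.20:9997
#   ./splunk add monitor /usr/local/bro/logs/current
# and the "configure Splunk to receive the data" step on the indexer.
# Assumptions: index "bro" and sourcetype "bro:log" are placeholders;
# use whatever the Bro add-on you installed expects.

# Forwarder side. $1 = config dir (normally $SPLUNK_HOME/etc/system/local),
# $2 = indexer host:port, $3 = absolute path of the Bro "current" directory.
write_forwarder_conf() {
    dir="$1"; server="$2"; logdir="$3"
    mkdir -p "$dir"
    cat > "$dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = bro_indexers

[tcpout:bro_indexers]
server = $server
EOF
    # "monitor://" followed by an absolute path yields the triple slash.
    # whitelist keeps the input on *.log files only.
    cat > "$dir/inputs.conf" <<EOF
[monitor://$logdir]
disabled = 0
whitelist = \\.log\$
index = bro
sourcetype = bro:log
EOF
}

# Indexer side: open the receiving port the forwarder sends to.
# $1 = config dir on the indexer, $2 = TCP port (9997 in the thread).
write_indexer_inputs() {
    dir="$1"; port="$2"
    mkdir -p "$dir"
    cat > "$dir/inputs.conf" <<EOF
[splunktcp://$port]
disabled = 0
EOF
}

# Demo run into a scratch directory so nothing on the host is touched.
demo="$(mktemp -d)"
write_forwarder_conf "$demo/forwarder" 172.0.0.20:9997 /usr/local/bro/logs/current
write_indexer_inputs "$demo/indexer" 9997
cat "$demo/forwarder/outputs.conf" "$demo/forwarder/inputs.conf" "$demo/indexer/inputs.conf"
```

Both Splunk processes must be restarted after the files are placed, and the indexer's firewall must admit the forwarder on the chosen port.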
