[Bro] Another assist with Bro and Splunk
Patrick Kelley
patrick.kelley at criticalpathsecurity.com
Tue Jun 19 09:12:56 PDT 2018
Typically, I just ingest the json logs without issue.
Are you experiencing a particular issue?
Patrick Kelley, CISSP, C|EH, ITIL
CTO
patrick.kelley at criticalpathsecurity.com
> On Jun 19, 2018, at 8:56 AM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> So...before I recreate the wheel I thought I'd fire this here.
> Situation:
>
> bro 2.5.4 on a box
> shipping off conn and ssl logs via rsyslog to another box
>
> So I've looked at:
>
> https://splunkbase.splunk.com/app/1617/#/overview
>
> but this appears pretty old. So...before I go through the grueling
> process of manually getting field extractions, I'm betting someone else
> has already done the splunk-ish work. Thanks for any assistance.
>
> James
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
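Patrick's answer leans on Bro's JSON output; as an added example (mine, not code from the thread, from Bro or from Splunk) here is the field extraction James asks about done in Python, so the shape of the records is visible outside Splunk. It assumes constructed conn.log and ssl.log JSON lines that arrived through rsyslog with its header still attached, strips that header, types Bro's epoch `ts`, and joins conn and ssl records on `uid`.

```python
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed sample input (not from the thread): conn.log and ssl.log records as
# Bro 2.5.x writes them with LogAscii::use_json=T, after rsyslog has prepended its
# header; then one bare JSON line and one line carrying no JSON payload at all.
SAMPLE_LINES = [
    'Jun 19 08:56:01 sensor1 bro_conn: {"ts":1529423761.123456,"uid":"CHhAvVGS1DHFjwGM9",'
    '"id.orig_h":"192.0.2.10","id.orig_p":51234,"id.resp_h":"198.51.100.20","id.resp_p":443,'
    '"proto":"tcp","service":"ssl","orig_bytes":1203,"resp_bytes":5610,"conn_state":"SF"}',
    'Jun 19 08:56:02 sensor1 bro_ssl: {"ts":1529423761.223456,"uid":"CHhAvVGS1DHFjwGM9",'
    '"id.orig_h":"192.0.2.10","id.orig_p":51234,"id.resp_h":"198.51.100.20","id.resp_p":443,'
    '"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","server_name":"example.com"}',
    '{"ts":1529423762.0,"uid":"CYvqnr2kKpQ4YkU3z","id.orig_h":"192.0.2.11","id.orig_p":40000,'
    '"id.resp_h":"192.0.2.1","id.resp_p":53,"proto":"udp","service":"dns","conn_state":"SF"}',
    'Jun 19 08:56:03 sensor1 bro_conn: this line carries no JSON payload',
]

def parse_bro_line(line: str) -> Optional[dict]:
    """Return the Bro JSON record in a shipped line, or None if there is none.
    rsyslog leaves its header in front of the JSON, so parse from the first '{'.
    Adds _log (conn/ssl/unknown, from the field set) and _time (UTC, from 'ts')."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        rec = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or "uid" not in rec or "ts" not in rec:
        return None
    rec["_log"] = "ssl" if "cipher" in rec else "conn" if "conn_state" in rec else "unknown"
    rec["_time"] = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).isoformat()
    return rec

def correlate_by_uid(lines: List[str]) -> Dict[str, dict]:
    """Join conn and ssl records on Bro's connection uid (the Splunk equivalent is
    'stats values(*) by uid'). The first record seen wins on shared field names."""
    merged: Dict[str, dict] = {}
    for line in lines:
        rec = parse_bro_line(line)
        if rec is None:
            continue
        entry = merged.setdefault(rec["uid"], {"logs": []})
        entry["logs"].append(rec["_log"])
        for key, value in rec.items():
            if key not in ("_log", "_time", "ts"):
                entry.setdefault(key, value)
    return merged
```

The same header-stripping is what a Splunk input needs before `KV_MODE = json` can see the fields, which is why bare JSON lines (the third sample) are the easy case Patrick describes.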