[Bro] An assist with Splunk addon

James Lay jlay at slave-tothe-box.net
Thu May 17 09:25:22 PDT 2018


All,

So I've been dabbling with Splunk, Bro, and the Corelight apps.  I set up
a listener, installed the App on the Splunk server, and installed the
Universal Forwarder (just trying it out; I know I can just use
rsyslog/syslog-ng) on the machine that's running Bro, pointed the
Universal Forwarder to the listener, and installed the TA addon on the
machine running Bro and the Universal Forwarder.  Alas, my output
is...unexpected:

Anyone have any hints on what the issue might be?  Thank you. 

James 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2018-05-17 10_21_02-Search _ Splunk 7.1.0.png
Type: image/png
Size: 24445 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180517/8c62db4b/attachment-0001.bin 
