[Zeek] Documentation about Corelight's Splunk Apps for Zeek
Carlos Lopez
clopmz at outlook.com
Fri Dec 20 06:22:45 PST 2019
Thanks Eric. But I have a doubt about your setup. For inputs.conf, maybe this configuration is best?
[monitor:///opt/zeek/logs/spool/current]
disabled = 0
sourcetype = zeek:json
whitelist = \.log$
instead of putting it file by file?
--
Regards,
C. L. Martinez
From: Eric Ooi <ericooi at gmail.com>
Date: Friday, 20 December 2019 at 13:52
To: Amber Graner <akgraner at corelight.com>, Carlos Lopez <clopmz at outlook.com>
Cc: "zeek at zeek.org" <zeek at zeek.org>
Subject: Re: [Zeek] Documentation about Corelight's Splunk Apps for Zeek
Assuming you’re doing an install on a standalone Splunk server, you can use my guide here: https://www.ericooi.com/zeekurity-zen-part-iii-how-to-send-zeek-bro-logs-to-splunk/
________________________________
From: zeek-bounces at zeek.org on behalf of Amber Graner <akgraner at corelight.com>
Sent: Friday, December 20, 2019 6:13 AM
To: Carlos Lopez
Cc: zeek at zeek.org
Subject: Re: [Zeek] Documentation about Corelight's Splunk Apps for Zeek
Hi Carlos,
As that is a Corelight offering and not something maintained by the Zeek Project or the community, we’d have to refer you to Corelight.
Let me find out who you need to talk to and I’ll make introductions.
Thanks,
~Amber
On Fri, Dec 20, 2019 at 3:56 AM Carlos Lopez <clopmz at outlook.com> wrote:
Hi all,
I would like to install Corelight App For Splunk and TA for Corelight, but there is no documentation about how to accomplish it … All info points to https://www.corelight.com/support/, but there are no docs in there …
Any idea?
--
Regards,
C. L. Martinez
_______________________________________________
Zeek mailing list
zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Amber Graner
Director of Community
Corelight, Inc
828.582.9469
Schedule time on my calendar here.<https://calendly.com/amber_graner>
* Ask me about how you can participate in the Zeek (formerly Bro) community.
* Remember - ZEEK AND YOU SHALL FIND!!