List: bro
Subject: Re: [Bro] Another assist with Bro and Splunk
From: "Seth Hall" <seth () corelight ! com>
Date: 2018-06-21 18:32:37
Message-ID: 0E2EA5FC-08F3-477C-BC1E-5278703BA5D4 () corelight ! com
On 20 Jun 2018, at 1:01, Mike Eriksson wrote:
> I believe that Corelight have published some of their stuff for Splunk as
> well. It could be well worth having a look for those at Splunkbase too.
Yep! I believe we've already helped a few open-source users get it
working for themselves too. We also published a Bro package to help
people get their data from Bro prepped in a way that it's easily
consumable by Splunk here:
https://packages.bro.org/packages/view/73d21892-4fb7-11e8-88be-0a645a3f3086
I know that it's making the logs into json which increases indexing
costs, but there aren't really any other flexible and resilient
mechanisms that I've heard of with Splunk.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
_______________________________________________
Bro mailing list
bro@bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
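As an added illustration of the log preparation discussed in the thread (example code written for this page, not the Corelight package's own), here is a small converter from Bro's ASCII/TSV log format to newline-delimited JSON, the one-object-per-line shape that Splunk ingests as JSON events. The conn.log sample is constructed, and the function names are the example's own.

```python
import json

SAMPLE_CONN_LOG = "\n".join([  # constructed sample conn.log, not real traffic
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tproto\tduration\torig_bytes\tlocal_orig\ttunnel_parents",
    "#types\ttime\tstring\taddr\tport\tenum\tinterval\tcount\tbool\tset[string]",
    "1529606400.123456\tCabc123\t10.0.0.5\t51234\ttcp\t0.532\t1420\tT\t(empty)",
    "1529606401.000000\tCdef456\t10.0.0.7\t53\tudp\t-\t-\tF\t-",
])

def bro_tsv_to_records(text):
    """Parse Bro ASCII log text into dicts (one per row) for json.dumps; #path
    becomes "_path" for routing in Splunk and unset ("-") fields are dropped."""
    hdr = {"set_separator": ",", "unset_field": "-", "empty_field": "(empty)", "path": None}
    fields, types, records = [], [], []
    for line in filter(None, text.splitlines()):  # skip blank lines
        if line.startswith("#"):  # header directive, e.g. "#fields<TAB>ts<TAB>uid..."
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "types":
                types = value.split("\t")
            elif key in hdr:
                hdr[key] = value
            continue
        rec = {"_path": hdr["path"]}
        for name, typ, raw in zip(fields, types, line.split("\t")):
            if raw == hdr["unset_field"]:
                continue  # omit rather than index a literal "-"
            container = typ.startswith(("set[", "vector["))
            if raw == hdr["empty_field"]:
                rec[name] = [] if container else ""
            elif container:
                rec[name] = raw.split(hdr["set_separator"])
            elif typ in ("time", "interval", "double"):
                rec[name] = float(raw)
            elif typ in ("count", "int", "port"):
                rec[name] = int(raw)
            elif typ == "bool":
                rec[name] = raw == "T"
            else:
                rec[name] = raw  # addr, string, enum stay as text
        records.append(rec)
    return records

def to_json_lines(text):  # one JSON object per line (newline-delimited JSON)
    return "\n".join(json.dumps(r) for r in bro_tsv_to_records(text))
```

Typed values (floats for `ts`, ints for ports and counts, lists for sets) let Splunk search on them numerically instead of as strings, which is the main gain over shipping the raw TSV.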