[Snort-users] Snort on Splunk

Greg Williams gwillia5 at ...15920...
Wed Apr 10 18:04:30 EDT 2013


Yes, you can forward your data to Splunk. Install a universal forwarder on pfSense and output just your fast alerts to a file. Alternatively, you can also use Splunk for Snort, but I rarely use it; I mainly use automated alerting through Splunk searches.

Greg Williams
From: Josh Bitto [mailto:jbitto at ...16055...]
Sent: Wednesday, April 10, 2013 3:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort on Splunk

I had a general question if anyone knew offhand. If I run pfSense with Snort as an installed package, could those logs be sent via syslog to a Splunk server? Or does Snort have to be installed on a box by itself?



Josh
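
Added example, not part of the original thread or either poster's code: a parser for the Snort fast-alert lines that the reply suggests writing to a file, turning each line into key="value" pairs so fields such as sid and src can be searched and alerted on. The function names and the sample lines are constructed for illustration, and only IPv4 addresses are handled.

```python
import re

# Snort alert_fast layout. The year and the Classification block are optional,
# and ICMP alerts carry no ports. IPv4 only, to keep the pattern short.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>" + IP + r")(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>" + IP + r")(?::(?P<dport>\d+))?\s*$"
)
INT_FIELDS = ("gid", "sid", "rev", "priority", "sport", "dport")

def parse_fast_alert(line):
    """Return the fields of one alert_fast line as a dict, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    ev = {k: v for k, v in m.groupdict().items() if v is not None}
    for k in INT_FIELDS:
        if k in ev:
            ev[k] = int(ev[k])
    return ev

def to_kv(ev):
    """Render an event as key="value" pairs for search-time field extraction."""
    def quote(v):
        return '"' + str(v).replace("\\", "\\\\").replace('"', '\\"') + '"'
    return " ".join(k + "=" + quote(v) for k, v in ev.items())

# Constructed sample lines: documentation addresses and made-up rule IDs.
SAMPLE = [
    "04/10-18:04:30.123456  [**] [1:1000001:1] Constructed TCP test rule [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "192.0.2.10:80 -> 198.51.100.5:49152",
    "04/10-18:04:31.000001  [**] [1:1000002:3] Constructed ICMP test rule [**] "
    "[Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5",
    "not an alert line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        ev = parse_fast_alert(line)
        # Flag unparsed lines instead of dropping them, so format drift is visible.
        print(to_kv(ev) if ev else to_kv({"parse_error": 1, "raw": line}))
```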

