[Snort-users] Snort on Splunk
gwillia5 at ...15920...
Wed Apr 10 18:04:30 EDT 2013
Yes, you can forward your data to Splunk. Install a universal forwarder on pfSense and output just your fast alerts to a file. Alternatively, you can also use Splunk for Snort, but I rarely use it, mainly automated alerting through Splunk through searches.
From: Josh Bitto [mailto:jbitto at ...16055...]
Sent: Wednesday, April 10, 2013 3:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort on Splunk
I had a general question, if anyone knew offhand. If I run pfSense with Snort as an installed package, could those logs be sent via syslog to a Splunk server? Or does Snort have to be installed on a box by itself?
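
A minimal configuration sketch of the forwarder approach described in the reply, added here as an example and not taken from the original thread. The log directory layout, the sourcetype name, the output group name and the indexer hostname are assumptions to be replaced with local values.

```ini
# --- snort.conf (on the sensor) ---
# Write one-line "fast" alerts to a file named "alert" in Snort's log directory.
# On pfSense the package generates snort.conf per interface, so check the
# generated file rather than editing it by hand.
output alert_fast: alert

# --- $SPLUNK_HOME/etc/system/local/inputs.conf (universal forwarder) ---
# Tail only the fast-alert file, not packet captures or other logs.
# Assumed layout: one sub-directory per monitored interface under /var/log/snort.
[monitor:///var/log/snort/*/alert]
# Sourcetype name is an assumption chosen for this example; keep it consistent
# with whatever the searches on the indexer expect.
sourcetype = snort_alert_fast
# "main" is Splunk's default index; a dedicated IDS index makes access control
# and retention easier to manage.
index = main
disabled = false

# --- $SPLUNK_HOME/etc/system/local/outputs.conf (universal forwarder) ---
[tcpout]
# Group name is hypothetical.
defaultGroup = snort_indexers

[tcpout:snort_indexers]
# Hostname is a placeholder; 9997 is the conventional receiving port and must
# be enabled as a receiver on the indexer.
server = splunk.example.internal:9997
```

Restart the forwarder after editing, then confirm events arrive by searching for the chosen sourcetype on the indexer before building alerting searches on top of it.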