[Snort-users] snort -> barnyard2 -> splunk

Robert Millott robm at ...16885...
Wed Aug 27 16:15:49 EDT 2014

Anyone have some good suggestions on getting Snort into Splunk?  I've seen
some directions for snort -> barnyard2 -> syslog -> syslog-ng -> splunk,
but I don't see the need for syslog. I've also seen snort -> splunk via
alert_fast, but I already have barnyard2, and from what I hear, using
barnyard2 will help optimize snort by relieving some of the processing it
must do.

Can barnyard2 send directly to splunk in a format splunk will understand is
originally snort data?

Robert Millott
President, Millott and Associates
(443) 255-3588