[Snort-users] snort -> barnyard2 -> splunk

Shirkdog shirkdog at ...11827...
Wed Aug 27 16:48:02 EDT 2014


The question is, do you want just alerts or pcap data?

alert_fast can just be dumped into splunk.
On Aug 27, 2014 4:19 PM, "Robert Millott" <robm at ...16885...>
wrote:

> Anyone have some good suggestions on getting Snort into Splunk?  I've seen
> some directions for snort -> barnyard2 -> syslog -> syslog-ng -> splunk,
> but I don't see the need for syslog. I've also seen snort -> splunk via
> alert_fast, but I already have barnyard2, and from what I hear, using
> barnyard2 will help optimize snort by relieving some of the processing it
> must do.
>
> Can barnyard2 send directly to splunk in a format splunk will understand
> is originally snort data?
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588
>
>
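As an added illustration (not code from either poster), here is a small Python converter that turns Snort 2.x alert_fast lines into key="value" events, the form Splunk auto-extracts at search time without a syslog hop; it assumes IPv4 addresses and uses constructed sample alerts rather than a real capture.

```python
import re
from typing import Optional

# Matches one Snort 2.x alert_fast line. IPv4 only (assumption); ports are absent for ICMP;
# the [Classification: ...] field is optional because rules without a classtype omit it.
ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)

def parse_alert_fast(line: str) -> Optional[dict]:
    """Return a dict of fields for one alert_fast line, or None if it does not match."""
    m = ALERT_FAST_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    # alert_fast timestamps carry no year; Splunk has to infer it at ingest time.
    return rec

def to_splunk_kv(rec: dict) -> str:
    """Render a parsed alert as key="value" pairs; quotes and backslashes are escaped."""
    parts = []
    for key, val in rec.items():
        if val is None:
            continue
        text = str(val).replace("\\", "\\\\").replace('"', '\\"')
        parts.append(f'{key}="{text}"')
    return " ".join(parts)

def convert(lines) -> list:
    """Parse every line; unparseable input is dropped rather than emitted as a half-event."""
    return [to_splunk_kv(rec) for rec in map(parse_alert_fast, lines) if rec is not None]

# Constructed sample input in the alert_fast format (not a real capture).
SAMPLE_ALERTS = [
    '08/27-16:48:02.123456  [**] [1:1000001:1] Example SSH connection [**] '
    '[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.0.1:22',
    '08/27-16:48:03.000001  [**] [1:1000002:1] Example ICMP echo [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1',
    'not an alert line at all',
]

if __name__ == "__main__":
    for event in convert(SAMPLE_ALERTS):
        print(event)
```

Pointing a Splunk file monitor at the alert_fast output gives the same result with no conversion step; this script is for the case where you want explicit field names instead of relying on Splunk's automatic extraction.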