Snort mailing list archives

Re: snort -> barnyard2 -> splunk


From: VM PC <packetstack () gmail com>
Date: Wed, 27 Aug 2014 16:47:51 -0400

Yes it can. Use the following in barnyard2.conf

output alert_syslog_full: sensor_name ips01-eth0:eth1, server 192.168.1.1, protocol udp, port 514

P.S.
I am now using rsyslog, but can't remember why.
output log_syslog_full: sensor_name ips01-eth0:eth1, local, log_priority LOG_INFO, log_facility LOG_LOCAL1

/etc/rsyslog.d/50-default.conf
#Alert Full
local1.info                     /var/log/snort/snort_full
local1.info                     @192.168.1.1



On Wed, Aug 27, 2014 at 4:15 PM, Robert Millott <
robm () millottandassociates com> wrote:

Anyone have some good suggestions on getting Snort into Splunk?  I've seen
some directions for snort -> barnyard2 -> syslog -> syslog-ng -> splunk,
but I don't see the need for syslog. I've also seen snort -> splunk via
alert_fast, but I already have barnyard2, and from what I hear, using
barnyard2 will help optimize snort by relieving some of the processing it
must do.

Can barnyard2 send directly to splunk in a format splunk will understand
is originally snort data?

--
Robert Millott
President, Millott and Associates
(443) 255-3588
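Whichever transport is chosen, the syslog records that reach Splunk still need field extraction before they are searchable by signature, priority or address. The following Python example is added here and is not from the thread; it assumes the barnyard2 alert_syslog_full output keeps the classic Snort "[gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src -> dst" core, and the sample lines are constructed.

```python
import re
from typing import List, Optional

# Constructed sample syslog lines (assumption: the alert_syslog_full
# records carry the classic Snort alert core; the sensor/process prefix
# may differ in a real deployment). The third line is non-Snort noise.
SAMPLE_LINES = [
    "Aug 27 16:47:51 ips01 snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check "
    "returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "10.0.0.5:80 -> 192.168.1.20:51514",
    "Aug 27 16:47:52 ips01 snort[1234]: [1:1000001:1] LOCAL test rule "
    "[Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.1",
    "Aug 27 16:47:53 ips01 sshd[999]: Accepted publickey for admin from 192.168.1.9",
]

# Classification is optional (rules without classtype omit it); ports are
# optional because ICMP alerts carry bare addresses.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def parse_alert(line: str) -> Optional[dict]:
    """Return the extracted Snort fields for one syslog line, or None if
    the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields


def parse_lines(lines: List[str]) -> List[dict]:
    """Parse a batch of syslog lines, silently skipping non-Snort records."""
    return [a for a in (parse_alert(line) for line in lines) if a is not None]


if __name__ == "__main__":
    for alert in parse_lines(SAMPLE_LINES):
        print(alert["sid"], alert["priority"], alert["proto"], alert["src"], "->", alert["dst"])
```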


------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
