Configuring SNORT in SPLUNK

1. Download the Snort plugin for Splunk, then choose Manager, then Data inputs.

2. Create a new file data input, pointing the data path to your barnyard2/alert file.

3. Edit the host field value to match your Snort host name, and set the source type value to snort_alert_full.

4. View the result.
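The file-based equivalent of steps 2 and 3, as an added example that is not part of the original post: a monitor stanza in inputs.conf on the Splunk instance that reads the alert file. The path `/path/to/barnyard2/alert` and the host name `snort-sensor01` are placeholders for your own values.

```ini
# inputs.conf, for example $SPLUNK_HOME/etc/system/local/inputs.conf
# Placeholder path: replace with the location of your barnyard2 alert file.
[monitor:///path/to/barnyard2/alert]
# Placeholder host name: set this to the name of your Snort host.
host = snort-sensor01
# Source type from step 3, used by the Snort plugin.
sourcetype = snort_alert_full
disabled = false
```

After restarting Splunk, a search for `sourcetype=snort_alert_full` should return the indexed alerts, which is the check in step 4.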

