2019-01-09 08:05:16 +00:00

How to process Cowrie output with Splunk
########################################

Splunk Output Module
====================

* In Splunk, enable the HTTP Event Collector (go to Settings->Add Data)
* Do not enable `Indexer Acknowledgment`
* Copy the authorization token for later use
* Modify `cowrie.cfg` to enable the `[splunk]` section
* Add URL to HTTP Event Collector and add the authorization token
* Optionally enable sourcetype, source, host and index settings
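
As an added illustration, not Cowrie's own output module, this builds the HTTP Event Collector payload and headers from cowrie.json lines using the sourcetype, source, host and index settings named above; the sample lines are constructed and the token is a placeholder.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines in the shape of Cowrie's cowrie.json output
# (one JSON object per line); not taken from a real sensor. The third
# line is deliberately corrupt to show that a bad line is skipped.
SAMPLE_COWRIE_JSON = """\
{"eventid": "cowrie.session.connect", "timestamp": "2019-01-09T08:05:16.000000Z", "src_ip": "192.0.2.10", "session": "a1b2c3d4", "sensor": "honeypot-01"}
{"eventid": "cowrie.login.failed", "timestamp": "2019-01-09T08:05:17.500000Z", "src_ip": "192.0.2.10", "session": "a1b2c3d4", "username": "root", "password": "123456"}
this line is not JSON and must be skipped
"""


def cowrie_time_to_epoch(ts):
    """Convert Cowrie's ISO-8601 UTC timestamp to epoch seconds for the HEC 'time' field."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc).timestamp()


def build_hec_events(text, sourcetype="cowrie", source="cowrie.json", host=None, index=None):
    """Turn cowrie.json lines into HEC event objects, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except ValueError:
            continue  # a truncated or corrupted line must not abort the whole batch
        hec = {"event": record, "sourcetype": sourcetype, "source": source}
        if "timestamp" in record:
            hec["time"] = cowrie_time_to_epoch(record["timestamp"])
        # host defaults to the sensor name so events stay searchable per honeypot
        hec["host"] = host or record.get("sensor", "cowrie")
        if index:
            hec["index"] = index
        events.append(hec)
    return events


def hec_headers(token):
    """HEC authenticates with the collector token in an 'Authorization: Splunk <token>' header."""
    return {"Authorization": "Splunk " + token, "Content-Type": "application/json"}


def hec_batch_body(events):
    """HEC accepts several events in one POST as concatenated JSON objects."""
    return "\n".join(json.dumps(e) for e in events)
```

POSTing `hec_batch_body(build_hec_events(text))` with `hec_headers(token)` to the collector URL from the `[splunk]` section delivers the batch; the snippet itself stays offline.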

File Based
==========

* Collect cowrie.json output file using Splunk

Reporting
=========

Please see: https://github.com/aplura/Tango