Michel Oosterhof bdff9601ca
Move to Restructured text (#979)
From Markdown to RestructuredText
2019-01-09 12:05:16 +04:00

How to process Cowrie output with Splunk
########################################

Splunk Output Module
====================

* In Splunk, enable the HTTP Event Collector (HEC): go to Settings -> Data Inputs -> HTTP Event Collector and create a new token
* Do not enable ``Indexer Acknowledgment`` for the token; the Cowrie output module does not support it
* Copy the token value; Cowrie sends it on every request as ``Authorization: Splunk <token>``
* Edit ``cowrie.cfg`` and enable the ``[output_splunk]`` section (``enabled = true``)
* Set ``url`` to the HEC event endpoint (by default ``https://<splunk-host>:8088/services/collector/event``) and ``token`` to the token copied above
* Optionally set ``sourcetype``, ``source``, ``host`` and ``index``; anything left unset falls back to the defaults configured on the token in Splunk
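The following is an added example, not Cowrie's own Splunk output plugin, showing what the steps above produce end to end: a ``[output_splunk]`` section is parsed, Cowrie JSON log lines are wrapped into HEC event payloads (``time`` from Cowrie's ``timestamp``, ``host`` from the ``sensor`` field unless configured), and the batch is posted with the ``Authorization: Splunk <token>`` header. The config fragment, token and the two log lines are constructed for the example; the endpoint path and port are the HEC defaults.

```python
"""Shape Cowrie JSON events into Splunk HEC payloads.

Added example, not Cowrie's plugin code. Assumptions: the config section is
[output_splunk], the endpoint is /services/collector/event on port 8088, and
the config fragment, token and log lines below are constructed samples.
"""
import configparser
import json
import urllib.request
from datetime import datetime, timezone

# Constructed cowrie.cfg fragment mirroring the steps above.
COWRIE_CFG = """
[output_splunk]
enabled = true
url = https://splunk.example.org:8088/services/collector/event
token = 00000000-0000-0000-0000-000000000000
index = cowrie
sourcetype = cowrie
source = cowrie
"""

# Constructed cowrie.json lines: one JSON object per line, as Cowrie writes them.
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","username":"root","password":"123456","timestamp":"2019-01-09T08:05:16.000000Z","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","sensor":"honeypot01"}
{"eventid":"cowrie.command.input","input":"uname -a","timestamp":"2019-01-09T08:05:20.500000Z","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","sensor":"honeypot01"}
"""


def load_splunk_config(text):
    """Read the [output_splunk] section; url and token are required, the rest optional."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    section = cfg["output_splunk"]
    if not section.getboolean("enabled", fallback=False):
        raise ValueError("[output_splunk] is not enabled")
    return {
        "url": section["url"],
        "token": section["token"],
        # Optional fields: when absent, HEC applies the defaults set on the token.
        "index": section.get("index"),
        "sourcetype": section.get("sourcetype"),
        "source": section.get("source"),
        "host": section.get("host"),
    }


def cowrie_time_to_epoch(ts):
    """Cowrie writes ISO 8601 UTC timestamps ending in Z; HEC wants epoch seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc).timestamp()
        except ValueError:
            continue
    raise ValueError("unrecognised Cowrie timestamp: %r" % ts)


def to_hec_event(logentry, conf):
    """Wrap one Cowrie log record in the HEC event envelope."""
    event = {"time": cowrie_time_to_epoch(logentry["timestamp"]), "event": logentry}
    # Cowrie's 'sensor' names the honeypot; use it as host unless the config overrides it.
    host = conf.get("host") or logentry.get("sensor")
    if host:
        event["host"] = host
    for key in ("index", "sourcetype", "source"):
        if conf.get(key):
            event[key] = conf[key]
    return event


def hec_batch(log_text, conf):
    """HEC accepts several events per POST as concatenated JSON objects; return body and events."""
    events = [to_hec_event(json.loads(line), conf)
              for line in log_text.splitlines() if line.strip()]
    body = "\n".join(json.dumps(e, separators=(",", ":")) for e in events)
    return body, events


def post_to_hec(conf, body):
    """POST a batch. Indexer acknowledgment must be off on the token: with it on,
    HEC rejects requests that carry no X-Splunk-Request-Channel header, and this
    example (like the page's instructions assume) sends none."""
    req = urllib.request.Request(
        conf["url"], data=body.encode("utf-8"), method="POST",
        headers={"Authorization": "Splunk " + conf["token"],
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        # HEC answers {"text":"Success","code":0} when the batch is accepted.
        return json.loads(resp.read())


if __name__ == "__main__":
    conf = load_splunk_config(COWRIE_CFG)
    body, _events = hec_batch(SAMPLE_LOG, conf)
    print(body)  # post_to_hec(conf, body) would send it to the configured HEC URL
```

Running the module prints the batch body rather than sending it, so the payload can be checked offline; a quick way to validate a live token is to send that same body with ``curl -H "Authorization: Splunk <token>"`` to the configured URL and expect ``{"text":"Success","code":0}``.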

File Based
==========

* Enable the ``[output_jsonlog]`` section in ``cowrie.cfg`` so Cowrie writes one JSON object per line to ``cowrie.json``, then have a Splunk forwarder monitor that file; give it a sourcetype that extracts JSON fields (for example ``INDEXED_EXTRACTIONS = json`` in ``props.conf``) so the Cowrie fields are searchable

Reporting
==========

For dashboards and reports over Cowrie data in Splunk, see Tango: https://github.com/aplura/Tango