cowrie/doc/splunk
Daxda 6289ae5b6f Tiny improvements for the documentation (fixing anchor links) (#317) 2016-10-25 22:43:49 +04:00

README.md

How to process Cowrie output with Splunk

Sending data

Splunk Output Module

  • In Splunk, enable the HTTP Event Collector (go to Settings->Add Data)
  • Do not enable Indexer Acknowledgment
  • Copy the authorization token for later use
  • Modify cowrie.cfg to enable the [splunk] section
  • Add the URL of the HTTP Event Collector and the authorization token to that section
  • Optionally enable the sourcetype, source, host and index settings
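
To check the URL and token from the steps above independently of Cowrie, the following added example (not part of Cowrie or of this README) builds the HTTP Event Collector request for one event and shows how the optional settings map to HEC metadata. The host name, token and event values are constructed placeholders, `build_hec_request` is a hypothetical helper, and the https-only check is a choice made for this example.

```python
import json
import urllib.request

# Constructed sample line in the shape of a cowrie.json login event.
SAMPLE_LINE = ('{"eventid": "cowrie.login.failed", "username": "root", '
               '"password": "123456", "src_ip": "192.0.2.10", '
               '"session": "a1b2c3d4", "sensor": "honeypot-01", '
               '"timestamp": "2016-10-25T18:43:49.000000Z"}')

HEC_METADATA = ("sourcetype", "source", "host", "index")


def build_hec_request(url, token, json_line, **metadata):
    """Wrap one Cowrie JSON event in an HEC envelope; nothing is sent."""
    unknown = set(metadata) - set(HEC_METADATA)
    if unknown:
        raise ValueError("unsupported HEC metadata: %s" % sorted(unknown))
    if not url.lower().startswith("https://"):
        # The token is a bearer secret; keep it off cleartext links.
        raise ValueError("HEC URL must use https")
    envelope = {"event": json.loads(json_line)}
    # Optional settings become top-level HEC keys only when set, so the
    # defaults configured on the token in Splunk apply otherwise.
    envelope.update({k: v for k, v in metadata.items() if v})
    # No X-Splunk-Request-Channel header is sent; HEC requires one when
    # Indexer Acknowledgment is enabled on the token.
    return urllib.request.Request(
        url,
        data=json.dumps(envelope).encode("utf-8"),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    req = build_hec_request(
        "https://splunk.example.com:8088/services/collector/event",  # placeholder
        "00000000-0000-0000-0000-000000000000",  # placeholder token
        SAMPLE_LINE, sourcetype="cowrie", index="cowrie")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # To send it: urllib.request.urlopen(req, timeout=10)
```
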

File Based

  • Collect the cowrie.json output file using Splunk

Reporting

Please see: https://github.com/aplura/Tango