https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86348#M5563 <P><A href="http://www.disects.com/whitepapers/Logging_Snort_alerts_to_Syslog_and_Splunk.pdf">http://www.disects.com/whitepapers/Logging_Snort_alerts_to_Syslog_and_Splunk.pdf</A></P> Sun, 06 Oct 2013 03:55:47 GMT praveen_recker 2013-10-06T03:55:47Z https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86345#M5560 <P>I am trying to get SPLUNK for SNORT up and running with no luck. I am new to SNORT,SPLUNK, and linux in gerneral. But here is what i have.<BR /> CentOS running SNORT and producing an ALERT and log file<BR /> Windows PC running SPLUNK</P> <P>I setup the universal forwarder and all my SNORT alerts appear in SPLUNK as sourcetype snort_alert_full using the following command:<BR /> /opt/splunkforwarder/bin/splunk add monitor /etc/log/snort/ -index main -sourcetype snort_alert_full</P> <P>When viewing in Splunk for snort i have no results. my understanding is that when the data is processed it should be renames from snort_alert_full to snort, i dont see this happeneing. And cannot search for src_ip as it is not being indexed properly.</P> <P>Is there something i have to do to get Splunk for snort to process the data and index it properly?</P> Mon, 28 Sep 2020 14:16:16 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86345#M5560 thunbolt22 2020-09-28T14:16:16Z https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86346#M5561 <P>Try changing snort to alert fast. Then same for the file monitor for the splunk forwarder</P> Sat, 06 Jul 2013 12:54:25 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86346#M5561 starcher 2013-07-06T12:54:25Z https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86347#M5562 <P>I ended up reinstalling Splunk for Snort and everything worked. </P> Mon, 08 Jul 2013 13:23:35 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86347#M5562 thunbolt22 2013-07-08T13:23:35Z https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86348#M5563 <P><A href="http://www.disects.com/whitepapers/Logging_Snort_alerts_to_Syslog_and_Splunk.pdf">http://www.disects.com/whitepapers/Logging_Snort_alerts_to_Syslog_and_Splunk.pdf</A></P> Sun, 06 Oct 2013 03:55:47 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/SPLUNK-for-SNORT-not-working/m-p/86348#M5563 praveen_recker 2013-10-06T03:55:47Z