We are planning on using Snare to collect our desktop event logs. The problem is I haven't found a good way to integrate the Snare log format into the Splunk App for Windows. Has anyone tackled this task in the past?
You can send from Snare in generic syslog format.
Why not just use the Splunk for Windows in a light forwarder mode? This would allow you to send all the logs/data to Splunk without having the web interface on the host. Are there concerns about using the Splunk agent?
Got any examples of the logs it is sending to Splunk?
The problem is that we have already deployed the Snare agent to our environment.