Stream Network Traces into Splunk


Is anyone streaming network traces into Splunk? I am aware of the stream app for splunk but is there a way of streaming data from other kinds of devices that capture wire data that is not host based?

Tags (1)
0 Karma

Esteemed Legend

Sure, you could use tcpdump (or any network tool), redirect STDOUT to nc which is pointing to a syslog server listener socket, which is configured to forward into your indexer tier. Every geek should know how to use nc ("netcat") to build pipeline glue.

0 Karma