- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all.
I'm now working out how to detect tor traffic.
How better me do this?
Maybe some articles, guides, some tricks?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Question is not so good, however, I guess wherever you see those Tor entries such as IIS logs, you can start from there.
Also if you describe what you are trying to do with Tor entries, you would see more answers.
As it is , just copy your question and paste it to google.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@test_qweqwe, you can check out Splunk App for Stream
for Network Monitoring from Splunkbase: https://splunkbase.splunk.com/app/1809.
Following is Splunk Documentation Link: http://docs.splunk.com/Documentation/StreamApp/latest/User/ConfigureStreams
And following is one of Splunk Tech Talk recording for the same: https://splunk.app.box.com/s/f2c3k6wipa2imu3w1gd8j2lkve7d2ocv/folder/29722535611
Hope this will get you started.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@niketnilay I am unable to access the above Splunk Tech Talk box link.
Could you please check and share the correct link?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@madan27 seems like that has been removed. You can check out other video https://www.youtube.com/watch?v=cBdkXDzftlM or best location is actually Splunk Documentation for Splunk Stream app.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Question is not so good, however, I guess wherever you see those Tor entries such as IIS logs, you can start from there.
Also if you describe what you are trying to do with Tor entries, you would see more answers.
As it is , just copy your question and paste it to google.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What exact kind of traffic are you talking about? Network? Car? Train? Airplane... Please elaborate on what you're trying to do.. Then we can help!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
He specifed precisely "TOR traffic"