Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Feeds TOR network traffic

test_qweqwe
Builder
‎10-23-2017 04:34 AM

Hello all.
I'm now working out how to detect tor traffic.
How better me do this?
Maybe some articles, guides, some tricks?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

akocak
Contributor
‎10-23-2017 09:51 AM

Question is not so good, however, I guess wherever you see those Tor entries such as IIS logs, you can start from there.
Also if you describe what you are trying to do with Tor entries, you would see more answers.
As it is , just copy your question and paste it to google.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎10-23-2017 09:56 AM

@test_qweqwe, you can check out Splunk App for Stream for Network Monitoring from Splunkbase: https://splunkbase.splunk.com/app/1809.

Following is Splunk Documentation Link: http://docs.splunk.com/Documentation/StreamApp/latest/User/ConfigureStreams

And following is one of Splunk Tech Talk recording for the same: https://splunk.app.box.com/s/f2c3k6wipa2imu3w1gd8j2lkve7d2ocv/folder/29722535611

Hope this will get you started.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

madan27
Explorer
‎03-07-2019 03:33 PM

@niketnilay I am unable to access the above Splunk Tech Talk box link.
Could you please check and share the correct link?

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎03-08-2019 07:22 AM

@madan27 seems like that has been removed. You can check out other video https://www.youtube.com/watch?v=cBdkXDzftlM or best location is actually Splunk Documentation for Splunk Stream app.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution
Solution

akocak
Contributor
‎10-23-2017 09:51 AM

Question is not so good, however, I guess wherever you see those Tor entries such as IIS logs, you can start from there.
Also if you describe what you are trying to do with Tor entries, you would see more answers.
As it is , just copy your question and paste it to google.

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎10-23-2017 06:52 AM

What exact kind of traffic are you talking about? Network? Car? Train? Airplane... Please elaborate on what you're trying to do.. Then we can help!

Reply
Solved! Jump to solution

dzejsonborn
New Member
‎08-29-2019 02:55 AM

He specifed precisely "TOR traffic"

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...