Not sure how to interpret the question, but here goes: you could use Snare for sending Windows event logs via syslog to Splunk, yes. Even better would be to use Splunk's own Universal Forwarders for achieving the same thing. You'd get events that are formatted a bit more clearly + you'll get extracted fields right out of the box.
Not sure how to interpret the question, but here goes: you could use Snare for sending Windows event logs via syslog to Splunk, yes. Even better would be to use Splunk's own Universal Forwarders for achieving the same thing. You'd get events that are formatted a bit more clearly + you'll get extracted fields right out of the box.