Hi All,
I have a problem. I create a scheduler search to retrieve a list of IP access to my web server exceeds a certain threadhold, there would be generate an alert. And now, I want create a script to get a list of IP and take to blacklist of firewall a way automatic. Can I write a script to get a list of IP from file result with format is gzip? Please help me solve problem?
Thanks & regards,
Perhaps you should look at scripted alerts... here
There are couple of other question you should also look at for hints ...
http://splunk-base.splunk.com/answers/3019/scripted-alert-question
AND
http://splunk-base.splunk.com/answers/40843/alerting-send-ipuser-to-script-as-a-parameter
But generally you should also look to support/forums for your firewall vendor for the actual script sections that will be needed to add firewall rules to the access list.
Hope this helps,
MHibbin