Activity Feed
- Got Karma for Mitigation for CVE-2011-4642 Cross Site Scripting and Cross Site Request Forgery. 06-05-2020 12:46 AM
- Got Karma for lea_loggrabber functionality. 06-05-2020 12:46 AM
- Posted Inputs.conf monitoring of a Dir and a specific log within it on Getting Data In. 05-01-2013 02:56 AM
- Tagged Inputs.conf monitoring of a Dir and a specific log within it on Getting Data In. 05-01-2013 02:56 AM
- Posted Boundary App Set-up on Splunk Search. 09-17-2012 07:26 AM
- Tagged Boundary App Set-up on Splunk Search. 09-17-2012 07:26 AM
- Posted Re: lea_loggrabber functionality on Splunk Search. 06-12-2012 01:26 AM
- Posted Mitigation for CVE-2011-4642 Cross Site Scripting and Cross Site Request Forgery on Splunk Dev. 01-09-2012 05:23 AM
- Tagged Mitigation for CVE-2011-4642 Cross Site Scripting and Cross Site Request Forgery on Splunk Dev. 01-09-2012 05:23 AM
- Posted lea_loggrabber functionality on Splunk Search. 11-11-2011 03:18 AM
- Tagged lea_loggrabber functionality on Splunk Search. 11-11-2011 03:18 AM
- Posted lea_loggrabber functionality on Getting Data In. 11-11-2011 02:30 AM
- Tagged lea_loggrabber functionality on Getting Data In. 11-11-2011 02:30 AM
Topics I've Started
05-01-2013
02:56 AM
What is the precedence? Or will it create problems if I am monitoring all files in a directory and also monitoring a specific file in that dir?
I need to tag this separately from other syslog:
[monitor:///log/new/local6]
sourcetype=syslog_local6
All remaining log files are generic syslog
[monitor:///log]
followTail=0
ignoreOlderThan=1d
recurse=true
sourcetype=syslog
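The post above asks whether two monitor stanzas can claim the same file. The script below is an added example, not part of the original post and not Splunk's code: it parses the two stanzas as posted and, for a constructed set of paths, lists every stanza that would match each path, so the overlap is visible before the configuration is deployed. The match rule it models (exact path, or any file beneath the stanza path when recurse is true, which it treats as the default) is this example's own assumption. It only reports the overlap; which stanza's settings take effect for a doubly-matched file should be checked against the inputs.conf documentation for the Splunk version in use.

```python
"""Show which [monitor://...] stanzas in an inputs.conf fragment would match
each of a set of file paths, so that overlapping stanzas are visible.
Assumption: the match rule modelled here (exact path, or any file beneath the
stanza path when recurse is true, treated as the default) is this example's,
not a statement of Splunk's precedence rules."""
import posixpath
import re
from typing import Dict, List

# Constructed sample: the two stanzas from the post above.
SAMPLE_INPUTS_CONF = """\
[monitor:///log/new/local6]
sourcetype=syslog_local6

[monitor:///log]
followTail=0
ignoreOlderThan=1d
recurse=true
sourcetype=syslog
"""

# Constructed paths to test against the stanzas.
SAMPLE_FILES = [
    "/log/new/local6",     # the specific file: matched by both stanzas
    "/log/new/local7",     # a sibling: matched only by the /log stanza
    "/log/messages",
    "/var/log/messages",   # outside /log: matched by neither
]

STANZA_RE = re.compile(r"^\[monitor://(?P<path>.+)\]$")


def parse_monitor_stanzas(text: str) -> Dict[str, Dict[str, str]]:
    """Parse monitor stanzas into {stanza path: {setting: value}}, in file order."""
    stanzas: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA_RE.match(line)
        if m:
            current = m.group("path")
            stanzas[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def _is_true(value: str) -> bool:
    return value.strip().lower() in ("1", "true", "t", "yes", "y")


def stanza_matches(stanza_path: str, settings: Dict[str, str], file_path: str) -> bool:
    """Exact match, or the file lies under the stanza path: at any depth when
    recurse is true (assumed default), direct children only when it is false."""
    stanza_path = posixpath.normpath(stanza_path)
    file_path = posixpath.normpath(file_path)
    if file_path == stanza_path:
        return True
    if not file_path.startswith(stanza_path.rstrip("/") + "/"):
        return False
    if _is_true(settings.get("recurse", "true")):
        return True
    return posixpath.dirname(file_path) == stanza_path


def matching_stanzas(conf_text: str, files: List[str]) -> Dict[str, List[str]]:
    """Return {file path: [stanza paths that match it, in file order]}."""
    stanzas = parse_monitor_stanzas(conf_text)
    return {
        f: [path for path, settings in stanzas.items() if stanza_matches(path, settings, f)]
        for f in files
    }


if __name__ == "__main__":
    for path, hits in matching_stanzas(SAMPLE_INPUTS_CONF, SAMPLE_FILES).items():
        status = "OVERLAP" if len(hits) > 1 else ("unmonitored" if not hits else "ok")
        print(f"{path}: {hits} -> {status}")
```

Running it shows /log/new/local6 claimed by both stanzas and its sibling files by the /log stanza alone, which is exactly the situation the question is about.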
09-17-2012
07:26 AM
Trying to see what this app provides as the description does not tell me anything.
The app loads OK but I do not know what to put in the initial set-up fields.
1. Retrieve Boundary API Credentials (API key & Organization ID)
What are the API and Organisation data required here, and in what format?
If you click on the link "https://app.boundary.com/" from the App download page you get an error if running IE.
Ta
01-09-2012
05:23 AM
1 Karma
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
Can version 4.2.3 of Splunk be locked down in any way to mitigate against this?
Wilf
- Tags:
- map-command
- python
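The CVE text quoted above ties the issue to the map command reaching the sys module from a search. Independently of whether 4.2.3 can be locked down, a practitioner would want to know whether map is being used that way in their own deployment. The script below is an added example, not from the original post and not Splunk's code: it scans constructed audit lines whose field layout (timestamp, user, action, search='...') only approximates Splunk's audit.log, an assumption of this example, and flags any search in which a map stage references sys. The SPL splitting is deliberately naive (pipes inside quoted strings are not handled) and is there to show the shape of the check, not to be a complete parser.

```python
"""Flag searches in a Splunk audit trail where a map stage references sys.
Assumption: the audit line layout below approximates Splunk's audit.log and the
SPL splitting is naive (pipes inside quoted strings are not handled)."""
import re
from typing import Dict, List

# Constructed audit lines; the layout is an approximation, not captured data.
SAMPLE_AUDIT_LINES = [
    "Audit:[timestamp=01-09-2012 05:20:01.000, user=admin, action=search, info=granted, "
    "search='search index=_internal | head 5', autojoin='1'][n/a]",
    "Audit:[timestamp=01-09-2012 05:21:14.000, user=analyst, action=search, info=granted, "
    "search='search index=main | map search=\"search index=main user=$user$\" maxsearches=10', "
    "autojoin='1'][n/a]",
    "Audit:[timestamp=01-09-2012 05:22:40.000, user=admin, action=search, info=granted, "
    "search='search index=main | map search=\"search index=main sys.version\"', autojoin='1'][n/a]",
    "Audit:[timestamp=01-09-2012 05:23:02.000, user=admin, action=login, info=succeeded][n/a]",
]

AUDIT_RE = re.compile(
    r"timestamp=(?P<ts>[^,]+), user=(?P<user>[^,]+), action=(?P<action>[^,]+),"
    r".*?search='(?P<spl>.*?)'(?=, \w+=|\])"
)
MAP_STAGE_RE = re.compile(r"^map\b", re.IGNORECASE)
SYS_REF_RE = re.compile(r"\bsys\b")


def parse_audit_line(line: str) -> Dict[str, str]:
    """Return ts/user/action/spl for a search audit line, or {} if it is not one."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else {}


def split_stages(spl: str) -> List[str]:
    """Split SPL on pipes; naive, does not respect pipes inside quotes."""
    return [stage.strip() for stage in spl.split("|")]


def suspicious_map_searches(lines: List[str]) -> List[Dict[str, str]]:
    """Searches whose map stage mentions sys, with who ran them and when."""
    findings = []
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec["action"].strip() != "search":
            continue
        for stage in split_stages(rec["spl"]):
            if MAP_STAGE_RE.match(stage) and SYS_REF_RE.search(stage):
                findings.append({"timestamp": rec["ts"], "user": rec["user"], "stage": stage})
    return findings


if __name__ == "__main__":
    for f in suspicious_map_searches(SAMPLE_AUDIT_LINES):
        print(f"{f['timestamp']} user={f['user']} :: {f['stage']}")
```

Only the third constructed line is reported; the ordinary map invocation on the second line is not, which is the distinction the check needs to make to be usable as an alert rather than noise.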
11-11-2011
03:18 AM
1 Karma
I need to understand how the “lea-loggrabber-splunk-linux-4x-42928” application functions.
I need to ensure that if a link between Splunk and the Checkpoint SMART Centre goes down, when it comes back up (maybe days later), that Splunk will go back to where it left off and not lose any events (unless of course Checkpoint has deleted the Log).
This is the functionality I am informed would be required.
In lea_new_session you choose to read in online mode and choose to start reading where they left off, say at position x in log file ID x, then the client reads to the end of file of that log file and then begins at the start of the next file in the fw.logtrack file until they have reached the end of the most recent log file. At that point, the LEA client waits for new events.
Can anyone confirm this is how it works?
Thanks
Wilf
- Tags:
- lea_loggrabber
- opsec
11-11-2011
02:30 AM
1 Karma
I am connecting to a Checkpoint Smart Manager (SPLAT) using the "lea-loggrabber-splunk-linux-4x-42928" App.
I need to know how it requests the data.
In lea_new_session, does it read in online mode and choose to start reading where it left off, say at position x in log file ID x? It needs to do this so I can be sure that it reads to the end of file of that log file and then begins at the start of the next file in the fw.logtrack file until it has reached the end of the most recent log file.
This will ensure that if the link to the Checkpoint manager goes down at any time, so long as the Checkpoint log has not been deleted, Splunk will pick up at the end of the last session and catch up to the new events streaming in.
Hope you can help
Wilf
- Tags:
- checkpoint
- lea
- opsec
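Both lea_loggrabber posts above (11-11-2011 03:18 AM and 02:30 AM) describe the same resume behaviour: persist a (log file ID, position) cursor, read from it to the end of that file, continue from the start of each later file in fw.logtrack, then wait for new events. The model below is an added example; it is not the loggrabber's code and does not confirm how the app actually behaves. It encodes the behaviour the poster describes, as an assumption, over a constructed fw.logtrack of three files, and shows the three cases a practitioner cares about: the catch-up after a dropped link, the read of only the newly arrived events after waiting, and the gap that results when the file the cursor points into has already been deleted on the manager, which is the one case the poster accepts as lossy.

```python
"""Model of resuming an OPSEC LEA read from a saved (log file id, position)
cursor across the files listed in fw.logtrack. Assumption: this encodes the
behaviour described in the posts above; it is not the loggrabber's own code."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class LogFile:
    file_id: int          # log file ID as listed in fw.logtrack (ascending)
    events: List[str]     # events in the file, in arrival order


@dataclass(frozen=True)
class Cursor:
    file_id: int          # file the reader is currently in
    position: int         # index of the next unread event in that file


class LeaReader:
    """Reads from a cursor to the end of that file, then every later file in
    fw.logtrack order from its start, and returns the cursor to persist."""

    def __init__(self, logtrack: List[LogFile]):
        self.logtrack = logtrack

    def read_from(self, cursor: Cursor) -> Tuple[List[str], Cursor, bool]:
        """Return (events read, new cursor, gap). gap is True when the file the
        cursor pointed into no longer exists on the manager, so the events
        between the cursor and the next surviving file are lost."""
        ids = [f.file_id for f in self.logtrack]
        if cursor.file_id in ids:
            idx, pos, gap = ids.index(cursor.file_id), cursor.position, False
        else:
            later = [i for i, fid in enumerate(ids) if fid > cursor.file_id]
            if not later:
                return [], cursor, True       # nothing newer survives either
            idx, pos, gap = later[0], 0, True
        collected: List[str] = []
        for log in self.logtrack[idx:]:
            collected.extend(log.events[pos:])  # to end of file ...
            pos = 0                              # ... then next file from its start
        last = self.logtrack[-1]
        return collected, Cursor(last.file_id, len(last.events)), gap


def build_sample() -> List[LogFile]:
    """Constructed fw.logtrack contents for the demonstration."""
    return [
        LogFile(1, ["f1-e0", "f1-e1", "f1-e2", "f1-e3"]),
        LogFile(2, ["f2-e0", "f2-e1"]),
        LogFile(3, ["f3-e0"]),
    ]


def demo() -> dict:
    # 1. Link dropped after f1-e1 was read (cursor = file 1, position 2);
    #    on reconnect the reader catches up to the end of the newest file.
    reader = LeaReader(build_sample())
    catch_up, cur, gap = reader.read_from(Cursor(1, 2))

    # 2. While waiting, a new event lands in the newest file; the persisted
    #    cursor picks up exactly that event and nothing twice.
    reader.logtrack[-1].events.append("f3-e1")
    new_only, cur2, _ = reader.read_from(cur)

    # 3. Same saved cursor, but file 1 has been deleted on the manager:
    #    reading resumes at the oldest surviving file and the gap is flagged.
    rotated = LeaReader(build_sample()[1:])
    after_gap, cur3, gap3 = rotated.read_from(Cursor(1, 2))

    return {
        "catch_up": catch_up, "cursor": (cur.file_id, cur.position), "gap": gap,
        "new_only": new_only, "cursor2": (cur2.file_id, cur2.position),
        "after_gap": after_gap, "cursor3": (cur3.file_id, cur3.position), "gap3": gap3,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of persisting the cursor as (file ID, position) rather than a plain offset is visible in case 3: when the file is gone, the reader can still tell that it skipped something and report the gap instead of silently starting from the newest file.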