aljaz/cowrie

mirror of https://github.com/aljazceru/cowrie.git synced 2025-12-17 05:54:21 +01:00

Files

Daxda 6289ae5b6f Tiny improvements for the documentation (fixing anchor links) (#317 )

2016-10-25 22:43:49 +04:00

553 B

Raw Blame History

How to process Cowrie output with Splunk

Sending data

Splunk Output Module

In Splunk, enable the HTTP Event Collector (go to Settings->Add Data)
Do not enable Indexer Acknowledgment
Copy the authorization token for later use
Modify cowrie.cfg to enable the [splunk] section
Add URL to HTTP Event Collector and add the authorization token
Optionally enable sourcetype, source, host and index settings

File Based

Collect cowrie.json output file using Splunk

Reporting

Please see: https://github.com/aplura/Tango