mirror of
https://github.com/aljazceru/cowrie.git
synced 2025-12-20 15:34:22 +01:00
# How to process Cowrie output with Splunk
## Sending data
### Splunk Output Module
* In Splunk, enable the HTTP Event Collector (go to Settings -> Add Data)
* Do not enable `Indexer Acknowledgment`
* Copy the authorization token for later use
* Modify `cowrie.cfg` to enable the `[splunk]` section
* Add the URL of the HTTP Event Collector and the authorization token
* Optionally enable the sourcetype, source, host and index settings
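As an added illustration (not Cowrie's own output module code), the following Python builds the HTTP Event Collector envelope and the `Authorization: Splunk <token>` header that the settings above configure, from a constructed `cowrie.json` line. The sample record, the default `sourcetype`/`source` values and the helper names are assumptions.

```python
import json
import urllib.request
from datetime import datetime

# Constructed sample line in the shape of a cowrie.json record (not captured data).
SAMPLE_LINE = (
    '{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", '
    '"timestamp": "2025-01-15T10:20:30.123456Z", "src_ip": "192.0.2.10", '
    '"session": "a1b2c3d4e5f6", "sensor": "honeypot-01", '
    '"message": "login attempt [root/123456] failed"}'
)


def cowrie_time_to_epoch(ts: str) -> float:
    """Convert Cowrie's ISO 8601 UTC timestamp into the epoch seconds HEC expects in 'time'."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    return datetime.fromisoformat(ts).timestamp()


def build_hec_event(line: str, *, index=None, sourcetype="cowrie",
                    source="cowrie", host=None) -> dict:
    """Wrap one cowrie.json record in the HEC /services/collector/event envelope.

    sourcetype/source/host/index correspond to the optional [splunk] settings;
    host falls back to the honeypot's own 'sensor' field when not configured.
    """
    record = json.loads(line)
    envelope = {
        "event": record,
        "time": cowrie_time_to_epoch(record["timestamp"]),
        "sourcetype": sourcetype,
        "source": source,
        "host": host or record.get("sensor"),
    }
    if index:
        envelope["index"] = index
    return envelope


def hec_headers(token: str) -> dict:
    """HEC authenticates with the collector token copied from Splunk, not a user login."""
    return {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}


def post_event(url: str, token: str, line: str, **opts) -> int:
    """Send one record to the HEC URL and return the HTTP status (200 means indexed)."""
    body = json.dumps(build_hec_event(line, **opts)).encode()
    req = urllib.request.Request(url, data=body, headers=hec_headers(token), method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

`post_event` only runs when you call it against a real collector URL; the other functions work offline.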
### File Based
* Collect the `cowrie.json` output file using Splunk
|
## Reporting
Please see: https://github.com/aplura/Tango