mirror of
https://github.com/cowrie/cowrie.git
synced 2025-07-01 18:07:27 -04:00
* typing * clean also cleans docs/ * ignore twistedchecker exit code * twistedchecker fixes * update docs. add copy button * add missing $ prompts * updated copyright * isort * remove flake8-import order. config flake8/isort/black * remove import order * docs restructure * should pick up settings from setup.cfg * put conversion code back in. JSON encoding needs it
23 lines
670 B
ReStructuredText
How to send Cowrie output to Splunk
###################################

Splunk Output Module
====================

* In Splunk, enable the HTTP Event Collector (go to Settings->Add Data)
* Do not enable `Indexer Acknowledgment`
* Copy the authorization token for later use
* Modify ``cowrie.cfg`` to enable the ``[output_splunk]`` section
* Configure the URL for HTTP Event Collector and add the authorization token you copied in the previous step
* Optionally enable sourcetype, source, host and index settings

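The following added example (not part of Cowrie or of this document's original text) shows how the ``[output_splunk]`` settings from the steps above map onto an HTTP Event Collector request, and flags a plain-HTTP collector URL before the token is ever sent. It assumes the key names ``enabled``, ``url`` and ``token`` as used in Cowrie's sample configuration; the host name, token and log entry are constructed placeholders.

```python
import configparser
import json

# Constructed sample config; key names assumed to match Cowrie's sample
# configuration. The token is a placeholder, not a real credential.
SAMPLE_CFG = """
[output_splunk]
enabled = true
url = https://splunk.example.org:8088/services/collector/event
token = 00000000-0000-0000-0000-000000000000
index = cowrie
sourcetype = cowrie
"""
OPTIONAL = ("index", "sourcetype", "source", "host")


def load_splunk_settings(cfg_text):
    """Parse the [output_splunk] section and reject unusable settings."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    sec = cp["output_splunk"]
    if not sec.getboolean("enabled", fallback=False):
        raise ValueError("[output_splunk] is not enabled")
    url = sec.get("url", fallback="")
    token = sec.get("token", fallback="")
    if not url.startswith(("http://", "https://")) or not token:
        raise ValueError("url and token are mandatory")
    warnings = []
    if url.startswith("http://"):
        # Over plain HTTP the HEC token crosses the network unencrypted.
        warnings.append("HEC URL is not HTTPS")
    meta = {k: sec[k] for k in OPTIONAL if k in sec}
    return {"url": url, "token": token, "meta": meta, "warnings": warnings}


def build_hec_request(settings, event):
    """Return (headers, body) for one event in HEC's JSON envelope."""
    headers = {
        "Authorization": "Splunk " + settings["token"],
        "Content-Type": "application/json",
    }
    envelope = dict(settings["meta"])  # optional metadata fields
    envelope["event"] = event          # the Cowrie log entry itself
    return headers, json.dumps(envelope, sort_keys=True)


# Constructed Cowrie-style log entry.
EVENT = {"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10",
         "username": "root", "password": "123456"}
```

The returned headers and body can be sent with any HTTP client to the configured URL to confirm that the collector accepts the token before Cowrie is restarted.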
File Based
==========

* Collect ``/var/log/cowrie/cowrie.json`` output file using Splunk

Reporting
=========

Please see: https://github.com/aplura/Tango