All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

splunk for snort read data from Mysql instead from log file

tbaror
New Member
‎01-10-2012 07:46 AM

would it be possible to read directly from Mysql schema instead of snort log file , since i have few sensors logging into Splunk machine Mysql db?

Thanks

Tags (1)
0 Karma
Reply

Ayn
Legend
‎01-10-2012 03:22 PM

This is not supported at this time, and likely won't be anytime soon either.

The idea of the Splunk for Snort app is to operate on Snort log data within Splunk's index. Having it operate on data in an external SQL database would require a scripted input that first reads it out of the database, transforms it into some text format (for instance one of the formats already supported by the app) and then feeds it into Splunk. This is a somewhat backwards way of doing things, and there are a bunch of other tools that can operate directly on an SQL database containing Snort events instead, like for instance Snorby, Aanval (I think?), BASE/ACID/SnortCenter, and others.

That said, I don't have anything against the idea itself so if someone were to add this functionality to the app I wouldn't mind including it in the "official" package.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...