This app is archived.
The Security Onion Sensor Add On eases the configuration of a multi-sensor Security Onion deployment. Install the Splunk Universal Forwarder and untar this app into /opt/splunkforwarder/etc/apps. Then edit /opt/splunkforwarder/etc/apps/securityonion_addon/local/inputs.conf to disable specific logs, depending on whether you're indexing from a server or a sensor that is remote to the Splunk indexer. See the README or http://eyeis.net/2012/07/announcing-security-onion-for-splunk-serversensor-add-on/ for details on setup and configuration.