You need to log in to create posts and topics.

Installing Firegen for Snort Splunk

I was trying to install firegen for snort on my splunk server, but i got a little bit stuck.

can I install with different server? I doubt whether it can or not. because I have read the Readme file that containts :

Configuration instructions:

Snort may be installed on a different server than Splunk but Splunk needs to have access to the MySQL database that stores the Snort events. In our case, we have a dedicated Snort server with a Splunk heavy forwarder installed to send the events to the indexer and the Splunk DB Connect App is installed on the heavy forwarder.

Configure Snort 2.9.9.x, Barnyard2, PulledPork and BASE as described in https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/122/original/Snort_2.9.9.x_on_Ubuntu_14-16.pdf

The document describes the installation in full details for both Ubuntu 14 and 16.

.......

Please.. help me. Thanks before

Splunk Apps:

https://splunkbase.splunk.com/app/4118/