Visualization of FirewallD-logs in SPLUNK
From Datateknik
(Difference between revisions)
| Line 1: | Line 1: | ||
Make sure you have a secure password!! | Make sure you have a secure password!! | ||
| − | [[File:splunk-screenshot1.png| | + | [[File:splunk-screenshot1.png|850px|caption]] |
= FirewallD logs in SPLUNK = | = FirewallD logs in SPLUNK = | ||
Check that you have a text-file (log) with ip attack data (use less ...) | Check that you have a text-file (log) with ip attack data (use less ...) | ||
Revision as of 07:50, 11 May 2017
Make sure you have a secure password!!
Contents |
FirewallD logs in SPLUNK
Check that you have a text-file (log) with ip attack data (use less ...)
Install SPLUNK
- install splunk do NOT install splunk if you alreade have installed it
wget -O splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.5.3&product=splunk&filename=splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm&wget=true' echo "--------------------------" yum localinstall splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm rpm -ql splunk | grep splunk$ echo "--------------------------" # firewall-cmd --add-rich-rule='rule family="ipv4" port port="8000" protocol="tcp|udp" accept'
Import data into splunk
Not so difficult
