
Splunk App for Vulture

The goal of this application is to provide a Splunk sourcetype for the logs of the Vulture WAF, taken from the MongoDB repository of the appliance. The application gives you the same dashboards you can find directly on the appliance.

Vulture project : https://www.vultureproject.org/

Splunk - Installation

Connect to your Splunk installation.

Create an index called "vulture".

cd $HOME_SPLUNK/etc/apps

wget https://github.com/b4b857f6ee/Vulture/archive/master.zip

unzip master.zip

mv Vulture-master/vulture ./

mv vulture Vulture

rm -rf Vulture-master/

chown splunk:splunk -R Vulture (only if you are running Splunk as the splunk user rather than root)

Restart Splunk.

Create a new input (in my case port 9601 and the UDP protocol; you can change both).

Go to Settings -> Data inputs -> UDP -> Add New. Select your port "9601", set the Source Type to vulture and the index to vulture.

That's it for the Splunk configuration.

Vulture Configuration

Log configuration

Connect to your Vulture GUI. Go to -> Repository -> Syslog -> Create new SyslogRepository with:

Repository name "Splunk", Syslog server IP address "Your Splunk IP", Syslog server port number "9601" (the default used above), Syslog protocol "UDP", Syslog facility "local7", Syslog security level "info".

Go to -> Configuration Profiles -> Logs -> "Default Log Profile (Repo) Vulture Internal Database (MongoDBRepository)".

In Optional syslog repository, select your SyslogRepositoryName.

Go to Applications -> Applications -> click on your App to edit -> Logs.

Log Profile: select the MongoDB repository. Log Level: "Error".

Restart your application and access your website; you should receive the logs when you access your website.

Check the Splunk index to be sure:

index=vulture
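The GUI steps above map onto a few lines of Splunk configuration and one syslog setting on the appliance. The following script is an added example, not code from the Vulture Splunk app or the Vulture project: it renders the indexes.conf and inputs.conf stanzas equivalent to creating the "vulture" index and the UDP input, computes the syslog PRI value that a local7/info repository will put at the front of every datagram, and builds a constructed test line you can send to the input to confirm it is listening before touching the appliance. SPLUNK_HOME defaulting to /opt/splunk and the address 203.0.113.10 are placeholders assumed here.

```shell
#!/bin/sh
# Added example (not part of the Vulture Splunk app): render the Splunk
# configuration behind the GUI steps and derive the syslog PRI the appliance
# will emit with facility local7 and severity info.
# Assumptions: SPLUNK_HOME defaults to /opt/splunk; the app lives under
# $SPLUNK_HOME/etc/apps/Vulture; 203.0.113.10 is a placeholder Splunk address.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
APP_DIR="$SPLUNK_HOME/etc/apps/Vulture"

# indexes.conf stanza for the "vulture" index (what creating it in the UI does).
render_indexes_conf() {
  idx="${1:-vulture}"
  printf '[%s]\nhomePath = $SPLUNK_DB/%s/db\ncoldPath = $SPLUNK_DB/%s/colddb\nthawedPath = $SPLUNK_DB/%s/thaweddb\n' \
    "$idx" "$idx" "$idx" "$idx"
}

# inputs.conf stanza equivalent to Settings -> Data inputs -> UDP -> Add New.
# connection_host = ip stores the sending appliance's address in the host field,
# which is what you want when several Vulture nodes share one input.
render_inputs_conf() {
  port="${1:-9601}"; stype="${2:-vulture}"; idx="${3:-vulture}"
  printf '[udp://%s]\nsourcetype = %s\nindex = %s\nconnection_host = ip\n' \
    "$port" "$stype" "$idx"
}

# Syslog PRI = facility * 8 + severity (RFC 5424, section 6.2.1).
# local7 = 23 and info = 6, so every datagram from the repository starts with <190>.
facility_code() {
  case "$1" in
    kern) echo 0 ;; user) echo 1 ;; daemon) echo 3 ;;
    local0) echo 16 ;; local1) echo 17 ;; local2) echo 18 ;; local3) echo 19 ;;
    local4) echo 20 ;; local5) echo 21 ;; local6) echo 22 ;; local7) echo 23 ;;
    *) echo "unknown facility: $1" >&2; return 1 ;;
  esac
}
severity_code() {
  case "$1" in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) echo "unknown severity: $1" >&2; return 1 ;;
  esac
}
syslog_pri() {
  f=$(facility_code "$1") || return 1
  s=$(severity_code "$2") || return 1
  echo $(( f * 8 + s ))
}

# A constructed datagram in the shape the appliance will send. Push it at the
# input and then search `index=vulture` in Splunk:
#   render_test_message | nc -u -w1 203.0.113.10 9601
render_test_message() {
  printf '<%s>%s vulture-test[1]: constructed test line for the vulture input\n' \
    "$(syslog_pri local7 info)" "$(date '+%b %d %H:%M:%S')"
}

# Print the two stanzas when invoked as: sh thisscript.sh render
if [ "${1:-}" = "render" ]; then
  echo "# $APP_DIR/local/indexes.conf"
  render_indexes_conf vulture
  echo "# $APP_DIR/local/inputs.conf"
  render_inputs_conf 9601 vulture vulture
fi
```

Putting the stanzas in the app's local/ directory (rather than default/) keeps them from being overwritten when you update the app with a new master.zip. If the test line shows up in `index=vulture` but the appliance's traffic does not, the problem is on the Vulture side (repository selection in the log profile, or a firewall between the appliance and port 9601/udp), not in Splunk.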

Release Notes

Version 1.2

Corrects a wrong upload of version 1.1.

Version 1.1

March 21, 2018

Splunk App for Vulture WAF

Version : 1.1

Installation & support : https://github.com/b4b857f6ee/Vulture

About the Vulture project : https://www.vultureproject.org/

Release notes 1.1

  • Adds the Search menu to the App.
  • Begins splitting the sourcetype: vulture:log for web logs and vulture:filterlog for PacketFilter logs (pflog) from FreeBSD.
  • Modifies the fields by adding aliases for CIM Web compliance.
