Here is the alpha version that was released to the list some time ago. I added a few lines to the configuration to make it work with the free version of Splunk.
Just extract it to /opt/local/splunk/etc/apps. Then go to the search app and look at the Views and "Searches & Reports" menus. Good luck!
On Jan 1, 2010, at 4:59 PM, Wim Remes wrote:

> Hi,
>
> Paul Southerington posted on this list that he's working on a 4.x port of the
> app.
> Search the list for his e-mail address, he might be willing to provide you
> with an in-progress version.
>
> Cheers,
>
> Wim
> On 01 Jan 2010, at 05:09, JM wrote:
>
>> If I remember correctly, it was only for the 3.x version of Splunk,
>> and hasn't yet been ported to the latest version - though I haven't
>> checked recently.
>>
>> JM
>>
>> On 12/31/2009, Dave S <[email protected]> wrote:
>>> I've also been testing Splunk these past few days. I read on the
>>> OSSEC web site
>>> <http://www.ossec.net/wiki/OSSEC_&_Splunk>
>>> about an app for Splunk that reads OSSEC agent data into its database,
>>> but I can't find it anywhere in the Splunk "App Store", yet it still
>>> pops up in searches when you google for "splunk ossec".
>>>
>>> Is it no longer supported?
>>>
>>
>> --
>> Sent from my mobile device
>
ossec.tar.gz
Description: GNU Zip compressed data
