splunk ossec app

[Aaron Bliss]

Hi all. I'm looking for the splunk ossec app. The link below doesn't
seem to be working and browsing the splunk website, I can't seem to
find the ossec app. Any ideas where the app is located?

http://www.splunkbase.com/apps/All/Security/app:Splunk+for+OSSEC#

[Paul Southerington]

Are you running Splunk version 3 or 4?

The OSSEC app for Splunk 3 seems to have disappeared from Splunk's site. I'm working on a Splunk 4 app, which I hope to release within the week. If you would like me to send you an in-progress version, send me a note off-list -- I'd love to get your feedback.

[jaturley]

I am also looking for the OSSEC app for Splunk 4. When it becomes
available where will I be able to download it from? Thank you

On Nov 23, 1:31 pm, Paul Southerington <sout...@gmail.com> wrote:
> Are you running Splunk version 3 or 4?
>
> The OSSEC app for Splunk 3 seems to have disappeared from Splunk's site. I'm
> working on a Splunk 4 app, which I hope to release within the week. If you
> would like me to send you an in-progress version, send me a note off-list --
> I'd love to get your feedback.
>

[Aaron Bliss]

Version 4 of splunk for me as well.

[Paul Southerington]

For those who asked about OSSEC integration with Splunk 4, there is an initial download at:
    http://www.southerington.com/redir.php?id=11

The app is still something of a work-in-progress, but feel free to play with it. Feedback is welcome, but send it to me directly to avoid cluttering the list, unless it's relevant to everyone.


To install, extract ossec.tgz into /opt/splunk/etc/apps (or your equivalent directory).  Check the README and KNOWN_ISSUES files for more detail.

Ultimately, the download will most likely move to the Splunk community apps page, but at the moment you'll need to use the link above.