Analyzing network logs using Splunk
Now that we have the logs, it is high time we understood how to collect and analyze them from a network forensics perspective.
The tool of choice is Splunk. This is a very versatile tool (it also has a free version) that offers users the ability to collect log files from multiple sources, index and normalize the data within them, and then carry out an in-depth analysis to look for anomalies, prepare reports, and visualize the results. Let's take a look at it:
Splunk offers the facility to import and index data in a multitude of formats. This includes structured data, web services, network devices, Microsoft servers, application services, the cloud, and a host of others. The following are the steps to download and start using Splunk:
To get started, we need to download Splunk from http://www.splunk.com/, as shown in the following screenshot:
All we need to get started is to download the relevant binary based on the operating system that we intend to use for the analysis...