1

I am volunteering to teach some folks how to use Splunk to analyze logs using a SIEM. Therefore, I will need some public log file archives, such as auditd, secure.log, firewall, and webapp logs, which I can upload to a Splunk instance and write some queries against.

Do you know of any place where I can download those kinds of log files?

Blacklion

1 Answer

1

If you're hosting the Splunk instance yourself, you can install the Splunk Add-on for Unix and Linux and grab those logs from your Splunk server. You can run a bare-bones Splunk install well below the specs listed on their website.

Here are some syslogs from an MIT server (not all are viewable), but I will post a better repository if I am able to find one.

cutrightjm
  • Thanks for that. The link you provided has some data such as Apache log files, which helped me as a start. – Blacklion Oct 10 '19 at 04:22
  • @Blacklion This weekend I have some free time and I can probably post some logs from one of my homelab servers – cutrightjm Oct 10 '19 at 16:33