E.T. Proxy Logs Checker [ETPLC]

The initial Splunk "Connector" for the ETPLC project:

-ETPLC accepts logs in several formats, but the Splunk Connector currently uses only the Squid log format!
=> Fields are extracted from Splunk through the REST API and the Common Information Model [CIM]

-Check a few parameters of your Splunk server in the ETPLC Perl command line "etplc_splunk_xxx.pl" (available in the download section)

* Important: only the last 15 minutes of event logs are checked! ($timebefore variable in the etplc Perl script)
-base_url=https://127.0.0.1:8089
-username=admin
-password=changeme
-app=search
(admin/changeme are the historical Splunk default credentials; on a real server use a dedicated low-privilege search account, and keep in mind that a password passed on the command line is visible in the process list and shell history.)

-The first time, run the Perl script with no arguments: "perl etplc_splunk_1jan2016.pl"
This lets you check the Perl output (information/errors).

-The second time, run the ETPLC Perl command line with the Splunk parameters: "perl etplc_splunk_1jan2016.pl -base_url=https://127.0.0.1:8089 -username=admin -password=changeme -app=search"
This lets you check the Splunk output (information/errors).

-If you need more information, enable debugging (-d): "perl etplc_splunk_1jan2016.pl -base_url=https://127.0.0.1:8089 -username=admin -password=changeme -app=search -d"

-Next, pipe the Splunk connector output into the ETPLC Perl script: "perl etplc_splunk_1jan2016.pl -base_url=https://127.0.0.1:8089 -username=admin -password=changeme -app=search | perl etplc_5nov2015a.pl -f emergingall_sigs30dec2015a_snort290b.rules.gz"
Wait a second or two for etplc to start (check CPU usage with a tool like top).
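The procedure above has two halves: pull the last 15 minutes of proxy events out of Splunk over the REST API, then print them in Squid format for ETPLC to read on stdin. The following Python is an added example, not ETPLC's own Perl connector, that does both. It uses Splunk's documented search/jobs/export endpoint with HTTP basic auth; the SPL query, the CIM Web field names it expects (src, dest, http_method, url, http_user_agent, http_referrer, status, bytes), the Squid "combined" logformat used for the output line, and the sample row are assumptions or constructed data.

```python
"""Added example (not the ETPLC project's own code): a Splunk "connector" that
exports the last 15 minutes of CIM Web events and prints Squid-style log lines."""
import argparse
import base64
import json
import ssl
import urllib.parse
import urllib.request
from datetime import datetime, timezone

# Assumed SPL: proxy events already mapped to CIM "Web" field names. The eval
# copies _time to a numeric epoch field so the converter need not parse strings.
SPL = ("search sourcetype=squid | eval epoch=_time "
       "| fields epoch src dest http_method url http_user_agent http_referrer status bytes")

# Constructed sample row in the shape Splunk's export endpoint returns with
# output_mode=json (one {"result": {...}} object per line). Not real traffic.
CONSTRUCTED_ROW = {"result": {
    "epoch": "1441674466.000", "src": "10.7.2.184", "dest": "127.0.0.1",
    "http_method": "GET",
    "url": "http://www.gamehouse.com/funpass/wrapper-play.jsp?gameID=EscapeRosecliffIsland",
    "http_user_agent": "GAMEHOUSE.NET.URL", "http_referrer": "GH",
    "status": "200", "bytes": "1234"}}


def build_export_request(base_url, username, password, app="search", time_before="-15m", spl=SPL):
    """Build the POST for Splunk's search/jobs/export endpoint.
    time_before plays the role of the Perl script's $timebefore variable."""
    url = f"{base_url.rstrip('/')}/servicesNS/{username}/{app}/search/jobs/export"
    body = urllib.parse.urlencode({
        "search": spl,
        "earliest_time": time_before,
        "latest_time": "now",
        "output_mode": "json",
    }).encode()
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return url, body, headers


def fetch_export(base_url, username, password, app="search", time_before="-15m", verify_tls=True):
    """POST the export search and yield one parsed JSON row per result line.
    verify_tls=False is only for the self-signed certificate of a local test
    instance on 127.0.0.1:8089; keep verification on against a real server."""
    url, body, headers = build_export_request(base_url, username, password, app, time_before)
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        for raw in resp:
            raw = raw.strip()
            if raw:
                yield json.loads(raw)


def cim_row_to_squid_line(row):
    """Render one exported row as a Squid 'combined' logformat line:
    %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
    Assumption: ETPLC's Squid reader accepts this layout (the page does not spell
    it out). HTTP version and cache status are not CIM fields, so they are fixed."""
    r = row.get("result", row)
    ts = datetime.fromtimestamp(float(r["epoch"]), tz=timezone.utc)
    referer = r.get("http_referrer") or "-"
    ua = r.get("http_user_agent") or "-"
    return (f'{r["src"]} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] '
            f'"{r["http_method"]} {r["url"]} HTTP/1.1" {r["status"]} {r.get("bytes", 0)} '
            f'"{referer}" "{ua}" TCP_MISS:HIER_DIRECT')


if __name__ == "__main__":
    # Usage: python splunk_connector.py --base-url https://127.0.0.1:8089 \
    #          --username admin --password changeme | perl etplc_5nov2015a.pl -f <rules.gz>
    ap = argparse.ArgumentParser()
    ap.add_argument("--base-url", default="https://127.0.0.1:8089")
    ap.add_argument("--username", default="admin")
    ap.add_argument("--password", default="changeme")
    ap.add_argument("--app", default="search")
    ap.add_argument("--insecure", action="store_true", help="skip TLS verification (local test only)")
    a = ap.parse_args()
    for row in fetch_export(a.base_url, a.username, a.password, a.app, verify_tls=not a.insecure):
        print(cim_row_to_squid_line(row))
```

The export endpoint streams results as they are found, so the connector can feed ETPLC without waiting for a search job to finish; the 15-minute window is what bounds the run time.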

Working example of ETPLC output on Splunk data in "Squid" format (the "ok trouvé" prefix is the script's French for "ok found"):

ok trouvé: timestamp: Sep 08 01:07:46, server_hostname_ip: 127.0.0.1, client_hostname_ip: 10.7.2.184, client_http_method: GET, client_http_uri: /funpass/wrapper-play.jsp?gameID=EscapeRosecliffIsland&MSNID=191885670&computerID=1487180134&sourceID=3&sourcePassword=msn!Pass123&type=update, client_http_useragent: GAMEHOUSE.NET.URL, client_http_referer: GH, client_http_cookie: -, client_http_host: www.gamehouse.com, http_reply_code: 200, etmsg: ET MALWARE Gamehouse.com User-Agent (GAMEHOUSE.NET.URL), etagent: gamehouse
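The hit above comes from matching an Emerging Threats rule's User-Agent content against the proxy log. To show how such a match is produced, here is a minimal ETPLC-style matcher as an added example, not ETPLC's own Perl code: it parses Snort 2.9 rules that use the http_uri, http_host and http_user_agent content modifiers, runs them over Squid "combined"-format lines, and emits a record with the same field names as the output shown. The rules and log lines are constructed for the example (the first rule mimics the ET signature named above but is not the real one; sid/rev are omitted), and the Squid layout is the same assumed "combined" logformat.

```python
"""Added example (not ETPLC's own code): load Snort-style ET rules with http_*
content modifiers and match them against Squid 'combined' log lines."""
import re
from urllib.parse import urlsplit

# Constructed rules (not the real ET signatures; sid/rev omitted).
RULES_TEXT = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Gamehouse.com User-Agent (GAMEHOUSE.NET.URL)"; flow:established,to_server; content:"GAMEHOUSE.NET.URL"; http_user_agent; classtype:trojan-activity;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET EXAMPLE wrapper-play.jsp request to gamehouse.com"; flow:established,to_server; content:"/wrapper-play.jsp"; http_uri; content:"WWW.GAMEHOUSE.COM"; http_host; nocase;)
'''

# Constructed Squid 'combined' lines: one infected-looking client, one benign.
SQUID_LINES = '''10.7.2.184 - - [08/Sep/2015:01:07:46 +0000] "GET http://www.gamehouse.com/funpass/wrapper-play.jsp?gameID=EscapeRosecliffIsland&type=update HTTP/1.1" 200 1234 "GH" "GAMEHOUSE.NET.URL" TCP_MISS:HIER_DIRECT
10.7.2.50 - - [08/Sep/2015:01:08:02 +0000] "GET http://www.example.com/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" TCP_HIT:HIER_NONE
'''

# Snort 2.9 content modifiers -> the log buffer they apply to.
BUFFERS = {"http_user_agent": "ua", "http_uri": "uri", "http_host": "host",
           "http_header": "header", "http_method": "method"}

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d+) \d+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')


def split_options(body):
    """Split the rule option body on ';' while honouring quotes and backslash escapes."""
    opts, cur, inq, i = [], [], False, 0
    while i < len(body):
        c = body[i]
        if c == "\\" and inq and i + 1 < len(body):
            cur.append(body[i + 1]); i += 2; continue
        if c == '"':
            inq = not inq
        elif c == ";" and not inq:
            opts.append("".join(cur).strip()); cur = []; i += 1; continue
        cur.append(c); i += 1
    if "".join(cur).strip():
        opts.append("".join(cur).strip())
    return opts


def parse_rule(line):
    """Return {'msg', 'matchers'} for an alert/drop rule, else None.
    Each matcher is a content pattern bound to the buffer modifier that follows it."""
    m = re.search(r"\((.*)\)\s*$", line)
    if not m or not line.startswith(("alert", "drop")):
        return None
    rule, pending = {"msg": "", "matchers": []}, None
    for opt in split_options(m.group(1)):
        name, _, val = opt.partition(":")
        name = name.strip()
        if name == "msg":
            rule["msg"] = val.strip().strip('"')
        elif name == "content":
            pending = {"pattern": val.strip().strip('"'), "buffer": "raw", "nocase": False}
            rule["matchers"].append(pending)
        elif name in BUFFERS and pending:
            pending["buffer"] = BUFFERS[name]
        elif name == "nocase" and pending:
            pending["nocase"] = True
    return rule


def buffers_from_line(line):
    """Parse one Squid 'combined' line into the buffers the modifiers refer to."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    u = urlsplit(f["url"])
    f["host"] = u.netloc
    f["uri"] = u.path + ("?" + u.query if u.query else "")
    f["header"] = f"Host: {u.netloc}\r\nUser-Agent: {f['ua']}\r\nReferer: {f['referer']}\r\n"
    return f


def rule_hits(rule, f):
    """All content matchers of a rule must match (Snort semantics are AND)."""
    for mt in rule["matchers"]:
        hay = f[mt["buffer"]] if mt["buffer"] != "raw" else f["method"] + " " + f["uri"] + " " + f["header"]
        needle = mt["pattern"]
        if mt["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


def scan(rules_text, log_text):
    """Run every parsed rule over every log line; return ETPLC-style hit records."""
    rules = [r for r in (parse_rule(l) for l in rules_text.splitlines()) if r]
    hits = []
    for line in log_text.splitlines():
        f = buffers_from_line(line)
        if not f:
            continue
        for rule in rules:
            if rule["matchers"] and rule_hits(rule, f):
                hits.append({"timestamp": f["ts"], "client_hostname_ip": f["client"],
                             "client_http_method": f["method"], "client_http_uri": f["uri"],
                             "client_http_useragent": f["ua"], "client_http_referer": f["referer"],
                             "client_http_host": f["host"], "http_reply_code": f["status"],
                             "etmsg": rule["msg"]})
    return hits


if __name__ == "__main__":
    for h in scan(RULES_TEXT, SQUID_LINES):
        print("ok found: " + ", ".join(f"{k}: {v}" for k, v in h.items()))
```

Only plain content matches are handled; real ET rules also use pcre, distance/within and |hex| bytes, which the production rule set (emergingall_sigs..._snort290b.rules.gz) relies on, so this is the shape of the check rather than a drop-in replacement.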


Future work:

Write ETPLC output back to Splunk


Feedback is welcome.
Thank you @Splunk!