E.T. Proxy Logs Checker [ETPLC]

The new, initial Splunk "Connector" for the ETPLC project:

-ETPLC accepts logs in several formats, but the Splunk Connector currently uses only the Squid log format!
=> It extracts Splunk fields through the REST API and the Common Information Model [CIM]

-Check a few Splunk server parameters on the command line of the ETPLC Perl script "etplc_splunk_xxx.pl" (available in the download section)

* Important: only the last 15 minutes of log events are checked! ($timebefore variable in the ETPLC Perl script)

-First, simply run the Perl script like this: "perl etplc_splunk_1jan2016.pl"
This lets us check the Perl output for information and errors.

-Second, check the ETPLC Perl command line like this: "perl etplc_splunk_1jan2016.pl -base_url= -username=admin -password=changeme -app=search"
This lets us check the Splunk output for information and errors.

-If you need more information, enable debugging (-d) like this "perl etplc_splunk_1jan2016.pl -base_url= -username=admin -password=changeme -app=search -d"

-OK, next run the Splunk script and the ETPLC Perl script together like this: "perl etplc_splunk_1jan2016.pl -base_url= -username=admin -password=changeme -app=search | perl etplc_5nov2015a.pl -f emergingall_sigs30dec2015a_snort290b.rules.gz"
Wait one or two seconds while ETPLC starts... (check CPU usage with top or a similar tool)

Working example of output from Splunk with the "Squid" format:

ok trouvé: timestamp: Sep 08 01:07:46, server_hostname_ip:, client_hostname_ip:, client_http_method: GET, client_http_uri: /funpass/wrapper-play.jsp?gameID=EscapeRosecliffIsland&MSNID=191885670&computerID=1487180134&sourceID=3&sourcePassword=msn!Pass123&type=update, client_http_useragent: GAMEHOUSE.NET.URL, client_http_referer: GH, client_http_cookie: -, client_http_host: www.gamehouse.com, http_reply_code: 200, etmsg: ET MALWARE Gamehouse.com User-Agent (GAMEHOUSE.NET.URL), etagent: gamehouse
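
The hit line above can be turned into structured fields before it is stored or forwarded. This is an added example in Python, not ETPLC's own code: it assumes the field names and order of the single sample line on this page, and `parse_hit` and `to_json_event` are hypothetical names.

```python
import json
import re

# Field names in the order they appear in the sample hit line on this page.
FIELDS = ["timestamp", "server_hostname_ip", "client_hostname_ip",
          "client_http_method", "client_http_uri", "client_http_useragent",
          "client_http_referer", "client_http_cookie", "client_http_host",
          "http_reply_code", "etmsg", "etagent"]
# Split only at ", <known field>:" so commas inside a URI or User-Agent survive.
_SPLIT = re.compile(r"(?:^|, )(" + "|".join(FIELDS) + r"):")

def parse_hit(line):
    """Return the fields of one ETPLC hit line as a dict, or None if rejected."""
    line = line.strip()
    # Match the prefix loosely: the accented character may arrive mangled.
    if not line.startswith("ok trouv") or ": " not in line:
        return None
    parts = _SPLIT.split(line.split(": ", 1)[1])
    keys, values = parts[1::2], parts[2::2]
    order = [FIELDS.index(k) for k in keys]
    # Request data is attacker-controlled: a URI carrying ", etmsg: x" produces a
    # repeated or out-of-order key next to the real one, so reject such lines.
    if not order or order != sorted(set(order)):
        return None
    # Assumption: an empty value and Squid's "-" placeholder both mean "absent".
    return {k: (v.strip() if v.strip() not in ("", "-") else None)
            for k, v in zip(keys, values)}

def to_json_event(line):
    """Serialize a hit as one JSON object per line; None for rejected lines."""
    hit = parse_hit(line)
    return json.dumps(hit, sort_keys=True) if hit else None

# Sample hit line copied from the output shown on this page.
SAMPLE = (
    "ok trouvé: timestamp: Sep 08 01:07:46, server_hostname_ip:, "
    "client_hostname_ip:, client_http_method: GET, client_http_uri: "
    "/funpass/wrapper-play.jsp?gameID=EscapeRosecliffIsland&MSNID=191885670"
    "&computerID=1487180134&sourceID=3&sourcePassword=msn!Pass123&type=update, "
    "client_http_useragent: GAMEHOUSE.NET.URL, client_http_referer: GH, "
    "client_http_cookie: -, client_http_host: www.gamehouse.com, "
    "http_reply_code: 200, etmsg: ET MALWARE Gamehouse.com User-Agent "
    "(GAMEHOUSE.NET.URL), etagent: gamehouse"
)

if __name__ == "__main__":
    print(to_json_event(SAMPLE))
```

The sample URI shows that proxy logs can carry credentials in query strings, so treat the parsed `client_http_uri` as sensitive wherever the events are stored.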

Future work:

Write an ETPLC output to Splunk

Feedback is welcome.
Thank you @Splunk!