[Oisf-users] http.log Viewer

Peter Manev petermanev at gmail.com
Mon Nov 11 09:40:23 UTC 2013


On Mon, Nov 11, 2013 at 10:17 AM, Victor Julien <lists at inliniac.net> wrote:

> On 11/10/2013 05:18 AM, Stephen Watson wrote:
> > Hi,
> >
> > Is there any recommended log file viewer for the http.log, for an end
> > user who doesn't have shell access? Preferably something that will
> > run on rails like Snorby as I don't want to install Apache. There is
> > software out there like the Awstats, webalizer etc, but it's more for
> > webserver and incoming traffic, I was just after something that would
> > show each web page request and perhaps allow a search. Shame Snorby
> > can't do it.
> >
>
> In Luxembourg Peter created some scripts to feed the fast.log and
> http.log into Logstash.
>
> @Peter where can the scripts be found?
>

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output
The above is for the files JSON output that we currently have.

With Suricata 2.0 there will be JSON outputs for dns/http/tls/alert/files -
then you could use the same article and just add the output files to your
Logstash config. Just 30 days of patience :) -
https://redmine.openinfosecfoundation.org/projects/suricata/roadmap

However, if you insist on parsing http.log with Logstash/Kibana right away
with Suricata 1.4.6, you can - it is just that you have to create a custom
regex and feed it to Logstash - very tricky! And by the time you do it and
have it up and running, a couple of weeks later you wouldn't have the
need to do it and use it any more, since the http.log in Suricata 2.0 is planned
to have JSON output support, which is natively parsed by Logstash.


Thanks


-- 
Regards,
Peter Manev
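As an added example (not the scripts referenced in the thread), here is a Python parser that does the structuring work a custom Logstash grok pattern would have to do for a Suricata 1.4.x http.log. It assumes the default non-extended line layout `timestamp host [**] uri [**] user-agent [**] src:port -> dst:port`; the sample lines are constructed, and lines that do not match are counted rather than dropped silently, the way Logstash would tag them `_grokparsefailure`.

```python
import json
import re
from datetime import datetime

# Assumed layout of a Suricata 1.4.x http.log line in its default (non-extended) mode;
# this is an assumption about the format, not something stated in the thread:
#   MM/DD/YYYY-HH:MM:SS.uuuuuu host [**] uri [**] user-agent [**] src:sport -> dst:dport
SEP = " [**] "
ENDPOINTS = re.compile(r"^(?P<src>.+):(?P<sport>\d+) -> (?P<dst>.+):(?P<dport>\d+)$")


def parse_http_log_line(line):
    """One http.log line -> dict, as a Logstash grok filter would; None on mismatch."""
    ts_end = line.find(" ")
    try:
        ts = datetime.strptime(line[:ts_end], "%m/%d/%Y-%H:%M:%S.%f")
    except ValueError:
        return None  # Logstash would tag such an event _grokparsefailure
    fields = line[ts_end + 1:].split(SEP)
    if len(fields) < 4:
        return None  # need at least host, uri, user-agent and the endpoint pair
    m = ENDPOINTS.match(fields[-1])  # anchored regex, so IPv6 addresses with ':' also work
    if not m:
        return None
    return {
        "timestamp": ts.isoformat(),
        "hostname": fields[0], "uri": fields[1], "user_agent": fields[2],
        "extra": fields[3:-1],  # extended-mode fields, if present, kept as raw strings
        "src_ip": m.group("src"), "src_port": int(m.group("sport")),
        "dst_ip": m.group("dst"), "dst_port": int(m.group("dport")),
    }


def to_json_lines(text):
    """Convert http.log text to JSON lines; returns (records, parse_failure_count)."""
    records, failed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_http_log_line(line)
        if rec is None:
            failed += 1
        else:
            records.append(json.dumps(rec, sort_keys=True))
    return records, failed


# Constructed sample input (not captured traffic):
SAMPLE = (
    "11/11/2013-09:40:23.123456 example.test [**] /index.html [**] Mozilla/5.0 (constructed) [**] 192.0.2.10:54321 -> 198.51.100.7:80\n"
    "11/11/2013-09:40:24.000001 <hostname unknown> [**] /login [**] <useragent unknown> [**] 2001:db8::10:40000 -> 2001:db8::1:8080\n"
    "this line is not an http.log record and must be counted as a parse failure\n"
)
```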