[Oisf-users] http.log Viewer
Victor Julien
lists at inliniac.net
Mon Nov 11 09:46:45 UTC 2013
On 11/11/2013 10:40 AM, Peter Manev wrote:
>
>
>
> On Mon, Nov 11, 2013 at 10:17 AM, Victor Julien <lists at inliniac.net
> <mailto:lists at inliniac.net>> wrote:
>
> On 11/10/2013 05:18 AM, Stephen Watson wrote:
> > Hi,
> >
> >
> >
> > Is there any recommended log file viewer for the http.log, for an end
> > user who doesn’t have shell access ? Preferably something that will
> > run on rails like Snorby as I don’t want to install Apache. There is
> > software out there like the Awstats, webalizer etc, but its more for
> > webserver and incoming traffic, I was just after something that would
> > show each web page request and perhaps allow a search. Shame Snorby
> > can’t do it.
> >
>
> In Luxembourg Peter created some scripts to feed the fast.log and
> http.log into Logstash.
>
> @Peter where can the scripts be found?
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output
> This above is for files JSON output that we currently have.
>
> With Suricata 2.0 there will be JSON outputs for
> dns/http/tls/alert/files - then you could use the same article and just
> add the output files to your Logstash config. Just 30 days of patience
> :) - https://redmine.openinfosecfoundation.org/projects/suricata/roadmap
>
> However if you insist on parsing http.log with Logstash/Kibana right
> away with Suricata 1.4.6 , you can - it is just that you have to create
> a custom regex and feed it to Logstash - very tricky! And by the time
> you do it, have it up and running, then after a couple of weeks you
> wouldn't have had the need to do it and use it, since the http.log in
> Suricata 2.0 is planned to have the JSON output support which is
> natively parsed by Logstash.
Peter, you created these regexes in Lux if I remember correctly. Can you
please share them?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
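The thread above says that parsing the pre-2.0 http.log with Logstash means writing a custom regex and feeding it in. The following is an added example, not code from the thread or from the Suricata project, showing what such a regex looks like and how to validate it offline before putting it into a Logstash config. It assumes the Suricata 1.4-era http.log field layout (timestamp, host, URI, user agent, source ip:port -> destination ip:port separated by " [**] "); the sample lines are constructed, and the layout should be checked against your own http.log before use.

```python
import json
import re

# Constructed sample input in the assumed Suricata 1.4-era http.log layout.
# The third line is deliberately malformed so the rejected-line path is exercised.
SAMPLE_HTTP_LOG = """\
11/10/2013-05:18:02.123456 www.example.com [**] /index.html [**] Mozilla/5.0 (X11; Linux x86_64) [**] 192.0.2.10:49152 -> 198.51.100.20:80
11/10/2013-05:18:03.654321 cdn.example.net [**] /static/app.js?v=3 [**] curl/7.29.0 [**] 192.0.2.11:49153 -> 198.51.100.21:8080
this line is not an http.log record
"""

# Named groups become the field names once the record is emitted as JSON.
# Host, URI and user agent are matched non-greedily because they may contain
# spaces; the " [**] " separator is what delimits them. A URI or user agent
# that itself contains " [**] " would mis-split, which is one reason the
# native JSON output in 2.0 is preferable to regex parsing.
HTTP_LOG_RE = re.compile(
    r"^(?P<timestamp>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<hostname>.*?) \[\*\*\] "
    r"(?P<uri>.*?) \[\*\*\] "
    r"(?P<user_agent>.*?) \[\*\*\] "
    r"(?P<src_ip>[0-9a-fA-F.:]+):(?P<src_port>\d+) -> "
    r"(?P<dest_ip>[0-9a-fA-F.:]+):(?P<dest_port>\d+)$"
)


def parse_http_log_line(line):
    """Return a dict of fields for one http.log line, or None if it does not match."""
    match = HTTP_LOG_RE.match(line.rstrip("\n"))
    if match is None:
        return None
    record = match.groupdict()
    # Ports are numeric; keep them as integers so downstream range queries work.
    record["src_port"] = int(record["src_port"])
    record["dest_port"] = int(record["dest_port"])
    return record


def parse_http_log(text):
    """Parse a whole http.log body; return (parsed records, lines that did not match).

    Lines that fail the regex are kept rather than dropped, so a silent
    parser mismatch after a Suricata upgrade shows up as a growing reject list.
    """
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        record = parse_http_log_line(line)
        if record is None:
            rejected.append(line)
        else:
            records.append(record)
    return records, rejected


def to_json_lines(records):
    """Emit one JSON object per line, the shape Logstash's json codec consumes."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    parsed, bad = parse_http_log(SAMPLE_HTTP_LOG)
    print(to_json_lines(parsed))
    for line in bad:
        print("REJECTED:", line)
```

Running the parser over a day of real http.log and checking that the rejected list stays empty is the quickest way to confirm the field layout assumption holds for your build; the same named groups carry over directly into a Logstash grok pattern once the regex is known to be right.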