[Oisf-users] Has anyone gotten suricata JSON logging working with logstash 1.4.0 yet?

Peter Manev petermanev at gmail.com
Sat Mar 22 22:17:08 UTC 2014


On Sat, Mar 22, 2014 at 9:01 PM, Eric Leblond <eric at regit.org> wrote:
> Hello
>
> Got it working. No big difficulty on the conf. Almost no change but the output to get a full working elasticsearch output.


How did you get it working?
Some more details would be nice, since I am having trouble as well on
a clean installation.

>
> BR,
>
> On 22 March 2014 20:44, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> See subject.  I've tried the published guides and haven't had any luck.
>> If someone has a working logstash.conf file they could produce that
>> would be a big help.
>>
>> - --
>> Cooper Nelson
>> Network Security Analyst
>> UCSD ACT Security Team
>> cnelson at ucsd.edu x41042
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.17 (MingW32)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/



-- 
Regards,
Peter Manev


