[Oisf-users] Sending Syslog output to Rsyslog + Loganalyzer

Zeolla@GMail.com zeolla at gmail.com
Sat Apr 30 17:49:03 UTC 2016


I have some templates in my github.com/jonzeolla/configs that do some
json handling, etc. on the rsyslog side but not _exactly_ what you are
looking at doing (i.e. it wouldn't be copy-paste and a few substitutions).
That being said, I've used all the tools mentioned ^ and would be willing
to help if you'd like to have a real time chat.

Jon

On Sat, Apr 30, 2016, 13:14 Eric Leblond <eric at regit.org> wrote:

> Hi,
>
>
> On 30 Apr 2016 6:33 PM, Chris Boley <ilgtech75 at gmail.com> wrote:
> >
> > On my home rig I've been just using tail -f to watch the data scroll
> through. I'm now getting to where I would like to make my data searchable.
> I am seeing where one of my easiest options would possibly be to push to a
> syslog server on a separate computer and then monitor my logging. Does
> anyone use the 'LogAnalyzer' syslog interface with rsyslog to log
> suricata output?
>
> Nope. I don't know that interface but I warmly recommend that you look at
> Elasticsearch, Splunk or dedicated tools.
>
> > After reading:
> >
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Syslog_Alerting_Compatibility
> >
> > The template shown in there is representing sysklogd format and not
> rsyslog format I think. If nobody has a template, I'll have to figure out
> what the example shown is doing in sysklogd format and translate that over
> to an equivalent rsyslog format.
>
> Suricata output is compatible with rsyslog. You can even activate the @cee
> prefix to get the events parsed as JSON.
>
> ++
>
> >
> > Thanks in advance.
> > Chris Boley
> >
> >
> >
> >
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net

-- 

Jon
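As an added illustration of the @cee prefix Eric mentions (this is example code written for this page, not from the thread or from the Suricata or rsyslog projects): when Suricata's eve-log syslog output is configured with the "@cee: " prefix, each syslog message carries a Lumberjack cookie followed by one JSON event. rsyslog's mmjsonparse module looks for exactly that cookie before it decodes the JSON into structured properties; the Python below does the same thing stand-alone so the behaviour can be inspected, including the two failure modes a collector has to tolerate: a message without the cookie and a cookie followed by malformed JSON. The syslog lines, host name, PID and rule values are constructed sample data.

```python
import json
import re

# Constructed sample lines in the shape a syslog collector receives from
# Suricata's eve-log "syslog" filetype with prefix "@cee: " enabled.
# Host, PID and event contents are invented for this example.
SAMPLE_LINES = [
    '<13>Apr 30 13:14:00 sensor1 suricata[1234]: @cee: {"timestamp":"2016-04-30T13:14:00.000000+0000",'
    '"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5",'
    '"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '<13>Apr 30 13:14:01 sensor1 suricata[1234]: @cee: {"timestamp":"2016-04-30T13:14:01.000000+0000",'
    '"event_type":"dns","src_ip":"192.0.2.10","dns":{"type":"query","rrname":"example.com"}}',
    # No cookie: a plain text message that must not be mistaken for JSON.
    '<13>Apr 30 13:14:02 sensor1 suricata[1234]: plain text line without the cookie',
    # Cookie present but the JSON was cut off (e.g. by a message size limit).
    '<13>Apr 30 13:14:03 sensor1 suricata[1234]: @cee: {"truncated": ',
]

# RFC 3164-style header: <PRI>Mon dd hh:mm:ss host tag[pid]: message
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) (?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$'
)
CEE_COOKIE = "@cee:"


def parse_syslog_line(line):
    """Split a syslog line into header fields and the free-form message.

    Returns None when the line does not carry a recognisable header.
    PRI is decoded into facility (upper bits) and severity (low 3 bits).
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    pri = int(fields["pri"])
    fields["facility"], fields["severity"] = pri >> 3, pri & 7
    return fields


def extract_cee_json(msg):
    """Return the decoded JSON object after the @cee: cookie.

    Returns None when the cookie is missing or the payload is not valid
    JSON, which mirrors the check mmjsonparse performs before it
    populates structured properties from the message.
    """
    if not msg.startswith(CEE_COOKIE):
        return None
    try:
        return json.loads(msg[len(CEE_COOKIE):].strip())
    except json.JSONDecodeError:
        return None


def flatten(obj, prefix=""):
    """Flatten nested JSON into dotted keys (alert.signature_id, dns.rrname)
    so every field becomes an individually searchable column."""
    out = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
    else:
        out[prefix[:-1]] = obj
    return out


def process(lines):
    """Return (events, unparsed): flattened events with syslog header fields
    attached, and the raw lines that could not be decoded so they are kept
    rather than silently dropped."""
    events, unparsed = [], []
    for line in lines:
        header = parse_syslog_line(line)
        payload = extract_cee_json(header["msg"]) if header else None
        if payload is None:
            unparsed.append(line)
            continue
        event = flatten(payload)
        event["syslog.host"] = header["host"]
        event["syslog.severity"] = header["severity"]
        events.append(event)
    return events, unparsed


if __name__ == "__main__":
    parsed, leftover = process(SAMPLE_LINES)
    for ev in parsed:
        print(ev["event_type"], ev.get("alert.signature", ev.get("dns.rrname")))
    print(f"{len(leftover)} line(s) kept unparsed")
```

The unparsed list is the part worth keeping in a real collector: the plain-text line and the truncated event are exactly what a JSON-only pipeline would lose, and retaining them as raw strings makes the gap visible when the data is searched later.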