[Oisf-users] "Meer" - A dedicated "spooler" for the Suricata & Sagan EVE output formats.
Champ Clark III
cclark at quadrantsec.com
Tue Sep 11 20:33:57 UTC 2018
Hello all,
I've been trying to get my ducks in a row before Suricon! With that in mind, I've added PostgreSQL support to "Meer". If you're interested in an alternative "spooler", please check out https://github.com/beave/meer !
It needs more PostgreSQL testing... and testing in general :)
From: "Champ Clark, III" <cclark at quadrantsec.com>
To: "oisf-users" <oisf-users at lists.openinfosecfoundation.org>
Sent: Monday, April 30, 2018 12:53:28 PM
Subject: "Meer" - A dedicated "spooler" for the Suricata & Sagan EVE output formats.
Hello all,
I've been working on a small project that I thought some fellow Suricata users might be interested in.
The project is called "Meer" and the idea behind it is similar to "Barnyard2", but rather than reading Snort's "Unified2" files, Meer reads Suricata and Sagan EVE/JSON alert files.
"Meer" can store to the traditional Snort style database so it remains functional with consoles like Snorby, Sguil, etc. We've also extended the database to support extra Suricata metadata (http, tls, dns, etc) from alerts.
"Meer" is fast, simple and light weight.
For more information, please check out https://github.com/beave/meer (the README.md goes into more details).
Thanks!
- Champ Clark III
cclark at quadrantsec.com
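The pattern the announcement describes, reading EVE/JSON lines, keeping only alert events and storing them in a Snort-style table without dropping the extra http/tls/dns metadata, as an added Python sketch; this is not code from the Meer repository, and the sample lines, the `event` table layout and the JSON `metadata` column are constructed assumptions.

```python
import json
import sqlite3

# Constructed sample EVE lines (not real Suricata output): an http alert, a
# non-alert flow record, a tls alert, and a truncated line a spooler must skip.
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2018-09-11T20:33:57+0000", "event_type": "alert",
                "src_ip": "10.0.0.5", "src_port": 51234, "dest_ip": "203.0.113.7",
                "dest_port": 80, "proto": "TCP", "alert": {"signature_id": 1000001,
                "rev": 2, "severity": 2, "signature": "CONSTRUCTED HTTP rule"},
                "http": {"hostname": "example.test", "url": "/", "http_method": "GET"}}),
    json.dumps({"timestamp": "2018-09-11T20:33:58+0000", "event_type": "flow",
                "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "proto": "TCP"}),
    json.dumps({"timestamp": "2018-09-11T20:33:59+0000", "event_type": "alert",
                "src_ip": "10.0.0.9", "src_port": 40022, "dest_ip": "198.51.100.4",
                "dest_port": 443, "proto": "TCP", "alert": {"signature_id": 1000002,
                "rev": 1, "severity": 1, "signature": "CONSTRUCTED TLS rule"},
                "tls": {"sni": "example.test", "version": "TLS 1.2"}}),
    '{"event_type": "alert", "truncated',
]
METADATA_KEYS = ("http", "tls", "dns")
COLUMNS = ("timestamp", "src_ip", "src_port", "dest_ip", "dest_port", "proto",
           "sid", "rev", "signature", "severity", "metadata")

def parse_eve_alerts(lines):
    # One flat record per alert event; other event types and bad lines are skipped.
    records = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        record = {c: event.get(c) for c in COLUMNS[:6]}
        record.update(sid=alert.get("signature_id"), rev=alert.get("rev"),
                      signature=alert.get("signature"), severity=alert.get("severity"))
        # Protocol metadata a Snort-style schema has no column for, kept as JSON.
        record["metadata"] = json.dumps({k: event[k] for k in METADATA_KEYS if k in event})
        records.append(record)
    return records

def store_alerts(records, conn=None):
    # Minimal Snort-like event table (hypothetical); returns the row count after insert.
    conn = sqlite3.connect(":memory:") if conn is None else conn
    conn.execute("CREATE TABLE IF NOT EXISTS event (%s)" % ", ".join(COLUMNS))
    conn.executemany("INSERT INTO event VALUES (%s)" % ",".join("?" * len(COLUMNS)),
                     [tuple(r[c] for c in COLUMNS) for r in records])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]
```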