On Wednesday, September 14, 2011 4:09:34 PM UTC+2, dan (ddpbsd) wrote:
> > Do you use logstash/grok to clean up the ossec headers?
> > I looked on logstash but thought that it might just be a more complex
> > environment.
>
> It's complex, but not too bad. I forward ossec alerts through
> logstash, but not the archives.log (all of the logs going into ossec).
> I forward syslog from various hosts to logstash to get the non-alert
> log messages.
>
> > But perhaps that can be a good way to handle strange proprietary logs
> > from our windows applications.
>
> I like logstash a lot. I think it's going to be a big help for a lot of
> people.

Do you collect windows logs with OSSEC, other than the security log? I'm working in a 95% Windows shop, so there are almost no good ways to collect the application logs from the windows systems. Perhaps with a custom ossec logfile "syslog" and the "command/full command" there are some good ways to check strange files. But the Oracle/Mssql pure logging apps are a lost cause, I guess..

--
Regards
Falk
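For reference, this is what the OSSEC agent options touched on in the thread look like in ossec.conf: `eventlog` entries for Windows logs other than Security, a `syslog`-format localfile for a plain-text application log, and a `full_command` entry whose output is fed to the rules. This is an added illustration, not configuration from the thread; the log path and the command are placeholders.

```xml
<!-- Added example, not from the thread. Placed in the agent's ossec.conf
     (or pushed via agent.conf); paths and the command are placeholders. -->
<ossec_config>

  <!-- Windows event logs beyond Security: Application and System -->
  <localfile>
    <log_format>eventlog</log_format>
    <location>Application</location>
  </localfile>
  <localfile>
    <log_format>eventlog</log_format>
    <location>System</location>
  </localfile>

  <!-- A proprietary application that writes plain-text lines: read it as
       syslog-format so each line is decoded and matched by rules.
       Path is a placeholder; a custom decoder/rule is still needed to
       turn its lines into meaningful alerts. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>C:\ProgramData\ExampleApp\logs\app.log</location>
  </localfile>

  <!-- full_command: the agent runs the command periodically and ships the
       complete output for rule matching, so unexpected changes (e.g. a new
       file in a directory) can be alerted on with a check_diff rule. -->
  <localfile>
    <log_format>full_command</log_format>
    <command>dir C:\ExampleApp\uploads</command>
  </localfile>

</ossec_config>
```

The eventlog and syslog entries produce alerts only where existing or custom rules match; the full_command output is what a check_diff-style rule compares between runs.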
