On Tue, Mar 11, 2014 at 7:54 AM, Aaron Hunter <aaron.hunt...@gmail.com> wrote:
> I recently discovered OSSEC and find it a great tool. My thanks to the
> developers for their hard work on this product. I especially like the log
> events rules engine.
>
> My issue is that I am finding it a challenge to integrate OSSEC into my
> logging architecture. I don't see a way, and I hope this is just my
> inexperience, to feed OSSEC logs from other networked sources instead of the
> OSSEC agent on the clients. For the sake of this discussion, let's say I
> have the following logging architecture:
>
> Client Host -> logstash -> zeroMQ -> logstash server -> elasticsearch
> cluster
>
> I would like to have OSSEC also receive all the log events via zeroMQ sent
> by the logstash clients, process the events in its rules engine, and then
> send any alerts to the logstash server. It would be helpful if the log
> events could be structured JSON rather than syslog format lines.
>
> I don't want the OSSEC client agent to send the logs to the OSSEC server
> since I have another component (in this case logstash) doing that already
> and would like to avoid redundant traffic and administration. As far as I
> can tell there is no current way to send logs to an OSSEC server directly
> via some network protocol such as zeroMQ. I did see that support for zeroMQ
> output has been added and that JSON export also seems to be available.
> Perhaps you would consider adding zeroMQ and JSON input functionality as
> well?
>
We love pull requests https://github.com/ossec/ossec-hids :)

> Cheers,
> Aaron
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.