Hello ossec fellows,

I'm struggling with the json syslog_output filter. They are in some "kind of" json format, but logstash is not able to decode the message right away. Example json outputs in kibana4:

windows alert: http://pastebin.com/2n4jsJYS
linux alert: http://pastebin.com/UPAUq9pB

Yes, I've tried all recent grok-filters to watch the alerts.log and ossec.log with logstash directly, but as soon as I forward windows event logs, this is a pure nightmare to build proper regex. Therefore I really like the idea of forwarding them through the syslog_output json filter and on the other side to use logstash's native udp input - which is working perfectly fine!

I'm really wondering that I couldn't find any recent ossec configuration for the latest logstash 1.5.0_1 release. It would be an amazing help to have a permanent, working ossec syslog forwarding solution. I'm pretty sure a lot of people are looking for that - in the wonderful new world of threat analytics with ELK ;-)

Thanks for any hints!

Kind Regards,
Gerald
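The "kind of" JSON described above is usually a valid JSON object sitting behind a syslog header (PRI, timestamp, host and an `ossec:` tag), which is why a plain JSON decoder on the udp input rejects it. The following is an added example, not code from Gerald's post nor from the OSSEC or logstash projects, that shows the parsing step a logstash pipeline has to do (grok off the header, then decode the body) as stand-alone Python, with bad lines tagged instead of dropped. The exact header layout and the sample lines (rule ids, hosts, addresses) are constructed assumptions for this example.

```python
import json
import re

# Assumed shape of one OSSEC syslog_output line in json format (an assumption
# made for this example, not taken from the post): an optional syslog PRI,
# a BSD-style timestamp, the OSSEC server hostname, the literal "ossec: " tag
# and then the JSON alert object. The object itself is valid JSON; the header
# in front of it is what makes the whole line fail to decode.
_OSSEC_SYSLOG = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"ossec: "
    r"(?P<body>\{.*)$",
    re.DOTALL,
)


def parse_ossec_syslog(line):
    """Split one syslog-wrapped OSSEC alert into a flat dict of fields.

    A line without the expected header, or whose JSON body does not decode,
    is returned with the raw message and a tag, the same way logstash's json
    filter tags events with _jsonparsefailure rather than dropping them, so
    the bad lines can still be inspected in Kibana.
    """
    m = _OSSEC_SYSLOG.match(line)
    if m is None:
        return {"message": line, "tags": ["_ossecheaderfailure"]}
    try:
        alert = json.loads(m.group("body"))
    except json.JSONDecodeError:
        return {"message": line, "tags": ["_jsonparsefailure"]}
    if not isinstance(alert, dict):
        return {"message": line, "tags": ["_jsonparsefailure"]}

    event = dict(alert)
    event["syslog_timestamp"] = m.group("timestamp")
    event["syslog_host"] = m.group("host")
    pri = m.group("pri")
    if pri is not None:
        # RFC 3164: PRI = facility * 8 + severity
        pri = int(pri)
        event["syslog_facility"] = pri // 8
        event["syslog_severity"] = pri % 8
    event["tags"] = []
    return event


def parse_lines(lines):
    """Parse a batch of lines; returns (decoded_events, failed_events)."""
    good, bad = [], []
    for line in lines:
        event = parse_ossec_syslog(line)
        (bad if event["tags"] else good).append(event)
    return good, bad


# Constructed sample lines for this example (not real captures): a Linux sshd
# alert, a Windows logon-failure alert whose message carries escaped CR/LF and
# tabs, a line with no OSSEC header, and a truncated JSON body.
SAMPLE_LINES = [
    '<132>Jun 10 12:34:56 ossec-server ossec: {"crit":10,"id":5712,'
    '"component":"(web01) 10.0.0.5->/var/log/auth.log",'
    '"classification":"syslog,sshd,authentication_failures,",'
    '"description":"SSHD brute force trying to get access to the system.",'
    '"message":"Jun 10 12:34:55 web01 sshd[2211]: Failed password for '
    'invalid user admin from 203.0.113.9 port 4455 ssh2"}',
    '<132>Jun 10 12:35:01 ossec-server ossec: {"crit":5,"id":18107,'
    '"component":"(win01) 10.0.0.7->WinEvtLog",'
    '"classification":"windows,authentication_failed,",'
    '"description":"Windows Logon Failure.",'
    '"message":"2015 Jun 10 12:34:59 WinEvtLog: Security: AUDIT_FAILURE(4625): '
    'Microsoft-Windows-Security-Auditing: (no user): no domain: WIN01: '
    'An account failed to log on.\\r\\nSubject:\\r\\n\\tSecurity ID:\\t\\tS-1-0-0"}',
    "not a syslog line at all",
    '<132>Jun 10 12:35:02 ossec-server ossec: {"crit":5,"id":1002,"description":"truncated',
]

if __name__ == "__main__":
    good, bad = parse_lines(SAMPLE_LINES)
    for e in good:
        print(e["syslog_host"], e["crit"], e["id"], e["description"])
    for e in bad:
        print("FAILED", e["tags"], e["message"][:40])
```

In a logstash pipeline the same two steps are a `grok` filter that captures everything after `ossec: ` into its own field and a `json` filter with `source` pointing at that field; keeping the raw line and a tag on failure, as above, is what makes the Windows events (whose message bodies are where the escaping gets awkward) debuggable rather than silently lost.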