On Tue, May 26, 2015 at 1:43 PM, T-SOC Operations <[email protected]> wrote:

> hello ossec fellows,
>
> I'm struggling with the json syslog_output filter. There is some "kind of" json format, but logstash is not able to decode the message right away.
>
> example json outputs in kibana4:
> windows alert: http://pastebin.com/2n4jsJYS
> linux alert: http://pastebin.com/UPAUq9pB
>
> yes, I've tried all recent grok-filters to watch the alerts.log and ossec.log with logstash directly, but as soon as I forward windows event logs, this is a pure nightmare to build proper regex.
>
> Therefore I really like the idea of forwarding them through the syslog_output json filter and on the other side to use logstash's native udp input - which is working perfectly fine!
>
> I'm really wondering that I couldn't find any recent ossec configuration for the latest logstash 1.5.0_1 release.
>
> It would be an amazing help to have a permanent, working ossec syslog forwarding solution. I'm pretty sure a lot of people are looking for that - in the wonderful new world of threat analytics with ELK ;-)

I'm probably overlooking something extremely simple, but what exactly are you looking for?

> Thanks for any hints!
>
> Kind Regards,
> Gerald
>
> --
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
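As an added example (not code from the thread), a small Python parser doing what a logstash grok + json filter pair has to do with OSSEC's syslog_output json messages: peel off the syslog header and decode only the JSON object. The header layout assumed here (`<PRI>timestamp host ossec: {...}`) and the sample alerts are constructed, not copied from the pastebins above.

```python
import json
import re

# Optional RFC 3164-style header ahead of the JSON payload. The exact prefix
# OSSEC's syslog_output emits is an assumption; the parser only relies on the
# payload starting at the first '{', so a bare JSON line is accepted too.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                       # optional <PRI>
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # timestamp
    r"(?P<host>\S+) "                                  # sending host
    r"(?P<tag>[^:]+): "                                # program tag, e.g. ossec
    r"(?P<body>.*)$", re.S)

_decoder = json.JSONDecoder()

def parse_alert_line(line):
    """Return (header, alert) dicts, or (None, None) when no JSON object can
    be recovered. Bytes trailing the JSON object are ignored, not an error."""
    m = SYSLOG_RE.match(line.strip())
    body = m.group("body") if m else line.strip()
    start = body.find("{")
    if start < 0:
        return None, None
    try:
        alert, _end = _decoder.raw_decode(body[start:])
    except json.JSONDecodeError:
        return None, None
    header = {k: m.group(k) for k in ("pri", "ts", "host", "tag")} if m else {}
    return header, alert

# Constructed sample lines (field names are illustrative, not OSSEC's schema).
SAMPLE_LINES = [
    '<132>May 26 13:43:01 ossec-server ossec: {"rule":{"level":7,"comment":"Windows Logon Failure","sidid":18105},"srcip":"10.0.0.5","location":"(win-host) 10.0.0.5->WinEvtLog","full_log":"WinEvtLog: Security: AUDIT_FAILURE(4625): An account failed to log on"}',
    '<132>May 26 13:43:02 ossec-server ossec: {"rule":{"level":5,"comment":"SSHD authentication failed.","sidid":5716},"srcip":"192.0.2.7","location":"/var/log/auth.log"}',
    '<132>May 26 13:43:03 ossec-server ossec: this line carries no JSON at all',
]

def summarize(lines):
    """Per line: (level, comment) for decodable alerts, None for the rest."""
    out = []
    for line in lines:
        _hdr, alert = parse_alert_line(line)
        out.append(None if alert is None else
                   (alert["rule"]["level"], alert["rule"]["comment"]))
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE_LINES):
        print(row)
```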
