Hello, Martynas! I have a working solution in my project LightSIEM. You can find the patterns in the file https://github.com/dsvetlov/lightsiem/blob/master/roles/elk/files/ossec.pattern. You are looking for the pattern named OSSEC_MESSAGE_FULL.

Tue, 26 May 2015 at 20:07, dan (ddp) <ddp...@gmail.com>:

> On Tue, May 26, 2015 at 7:00 AM, Martynas Buožis <m...@nrdcs.lt> wrote:
> > Hello
> >
> > Maybe anyone has a working archives.log integration with logstash?
> >
> > Thanks for any advice.
>
> I think you can read the file with syslog-ng, strip off the OSSEC
> specific header, and use syslog-ng to forward the log messages to
> logstash. I feel like I looked into stripping the header many years
> ago with syslog-ng, but I don't remember details.
>
> > With best regards
> > Martynas

--
Best regards,
Светлов Даниил

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
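
The header stripping suggested in the thread, as an added example that is not part of the original messages and is not LightSIEM's OSSEC_MESSAGE_FULL pattern. The archives.log header layout in the comment, the field names and the sample lines are assumptions made for this sketch.

```python
import json
import re
from datetime import datetime

# Assumed archives.log header layout (not taken from the thread):
#   YYYY Mon DD HH:MM:SS (agent) ip->location original-log-line
#   YYYY Mon DD HH:MM:SS hostname->location original-log-line
# Locations that contain spaces (e.g. monitored commands) are not handled.
HEADER = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<src_ip>\S+?)|(?P<host>\S+?))"
    r"->(?P<location>\S+) (?P<message>.*)$"
)


def parse_archive_line(line):
    """Split the OSSEC header from the original log line.

    Returns a dict of header fields plus the untouched original message,
    or None when the line does not carry the assumed header, so callers
    can route unparsed lines to a separate queue instead of dropping them.
    """
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
    return {
        "ossec_timestamp": ts.isoformat(),
        "agent": m["agent"] or m["host"],
        "src_ip": m["src_ip"],          # None for the manager's own logs
        "location": m["location"],
        "message": m["message"],        # header stripped, content unchanged
    }


# Constructed sample lines, using documentation address ranges.
SAMPLE = [
    "2015 May 26 20:07:01 (web01) 192.0.2.10->/var/log/auth.log "
    "May 26 20:07:00 web01 sshd[2211]: Failed password for invalid user "
    "admin from 198.51.100.7 port 52311 ssh2",
    "2015 May 26 20:07:02 siem01->/var/log/messages "
    "May 26 20:07:02 siem01 kernel: eth0: link up",
    "not an archives.log line",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        event = parse_archive_line(raw)
        # One JSON object per line; unparsed input is tagged, not discarded.
        print(json.dumps(event or {"message": raw, "tags": ["ossec_parse_failure"]}))
```
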