On Wed, Oct 19, 2016 at 9:49 PM, <[email protected]> wrote:
> I've recently set up my ossec server to output alerts to a json file. I'm
> sending it over to logstash and elasticsearch. I'd like to create a kibana
> dashboard that defines individual ossec agent hosts.
>
> The issue is that the json doesn't have its own dedicated field for agent
> host. Here's an example alert event (location field):
> "(example-host) 10.0.0.5->/var/log/messages"
>
> Notice how the actual agent hostname is in parentheses? This makes it very

I don't think that's the hostname, I think it's the agent name.

> difficult to unique on hostname alone. It would be much better if there was
> another field called location.agentHost or some other field that contains
> just the agent hostname.
>
> Anyone know of a workaround so I can get the agent hostname in a json field
> all by itself?
>

You can submit a pull request to https://github.com/ossec/ossec-hids
Any contributions are appreciated!

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
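One possible workaround for the question in this thread, as an added example that is not part of the original messages or of OSSEC itself: split the `location` string into separate fields before the alerts are indexed. The output field names (`agent_name`, `agent_addr`, `log_source`), the sample alerts, and the handling of locations without a `(name) addr->` prefix are assumptions; only the location format comes from the thread.

```python
import json
import re

# Shape quoted in the thread: "(agent-name) address->source".
# The address is matched non-greedily so a "->" inside the path stays in the source.
LOCATION_RE = re.compile(
    r"^\((?P<agent_name>[^)]+)\)\s+(?P<agent_addr>\S+?)->(?P<source>.*)$"
)


def split_location(location):
    """Return agent name, agent address and log source from a location string."""
    m = LOCATION_RE.match(location)
    if m is None:
        # Assumption: no "(name) addr->" prefix means no agent part to extract,
        # so the whole value is kept as the source.
        return {"agent_name": None, "agent_addr": None, "source": location}
    return m.groupdict()


def enrich(line):
    """Parse one JSON alert line and add the split fields beside 'location'."""
    alert = json.loads(line)
    location = alert.get("location")
    if isinstance(location, str):
        parts = split_location(location)
        alert["agent_name"] = parts["agent_name"]   # hypothetical field name
        alert["agent_addr"] = parts["agent_addr"]   # hypothetical field name
        alert["log_source"] = parts["source"]       # hypothetical field name
    return alert


# Constructed sample alerts; only the first location string is from the thread.
SAMPLE = [
    '{"rule": {"level": 5}, "location": "(example-host) 10.0.0.5->/var/log/messages"}',
    '{"rule": {"level": 3}, "location": "/var/log/auth.log"}',
    '{"rule": {"level": 7}, "location": "(web-01) 10.0.0.6->/var/log/app->out.log"}',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(json.dumps(enrich(raw), sort_keys=True))
```

As the reply points out, the value in parentheses is the agent name, which is why the field is named `agent_name` rather than a hostname field.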
