Have you thought of creating a processing module within cuckoo to kick off the parsing?
Then you could just take the data, prepend it with a flag, and look for it with rsyslog.

That said those reports get massive. Do you really want to slurp an 8mb report and throw that in syslog? It might be easier to do whatever you need in python, knowing how big and deeply nested the cuckoo reports are.

Either way, I think a processing module would be the cleanest.

Cheers,
JB

Original Message
From: [email protected]
Sent: May 31, 2016 3:21 AM
To: [email protected]
Reply-to: [email protected]
Subject: [rsyslog] wildcard for folders in imfile module

Hi Geeks,

I have a very interesting scenario. I am using rsyslog 8.18 version in ubuntu 14.04. I have installed cuckoo for dynamic Malware Analysis. Cuckoo is generating report.json file of analysis. Below is a parent directory.

/opt/cuckoo/storage/analysis/*

Problem is that cuckoo creates a folder with numeric number name in consecutive order (1,2,3 etc) and further a folder with name "report". In this folder there is report.json.

/opt/cuckoo/storage/analysis/*
/opt/cuckoo/storage/analysis/10/report/report.json for one malware 10
/opt/cuckoo/storage/analysis/11/report/report.json for one malware 11
/opt/cuckoo/storage/analysis/12/report/report.json for one malware 12

How can we send these json files to remote server?

Regards
M.Asif

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
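
The "do it in python" route from the reply above, as an added example that is not part of the original thread and not Cuckoo or rsyslog code: a standalone script (not a Cuckoo processing module) that walks the numbered analysis folders, reduces each nested report to a small flat record, and emits one flagged line per report. The `@cee:` flag, the 4096-byte cap and the report field names (`info.score`, `target.file`, `signatures`) are assumptions.

```python
import glob
import json
import os

FLAG = "@cee:"     # assumed flag; the cookie rsyslog's mmjsonparse looks for
MAX_BYTES = 4096   # assumed cap, far below the multi-megabyte full report


def iter_reports(root):
    """Return (task_id, path) for <root>/<N>/report/report.json, numeric order."""
    found = []
    for path in glob.glob(os.path.join(root, "*", "report", "report.json")):
        task = os.path.basename(os.path.dirname(os.path.dirname(path)))
        if task.isdigit():  # ignore non-numeric folders
            found.append((int(task), path))
    return sorted(found)


def summarize(task_id, report):
    """Flatten a nested report to a few fields (field names are assumptions)."""
    file_info = report.get("target", {}).get("file", {})
    return {
        "task": task_id,
        "score": report.get("info", {}).get("score"),
        "sha256": file_info.get("sha256"),
        "name": file_info.get("name"),
        "signatures": [s.get("name") for s in report.get("signatures", [])],
    }


def to_line(summary):
    """Serialize to one flagged line, dropping signature names until it fits."""
    record = dict(summary, truncated=False)
    line = FLAG + json.dumps(record, sort_keys=True)
    while len(line.encode()) > MAX_BYTES and record["signatures"]:
        record["signatures"] = record["signatures"][:-1]
        record["truncated"] = True
        line = FLAG + json.dumps(record, sort_keys=True)
    return line


def build_lines(root):
    """Build one line per readable report; skip partial or malformed files."""
    lines = []
    for task_id, path in iter_reports(root):
        try:
            with open(path, encoding="utf-8") as fh:
                report = json.load(fh)
        except (OSError, ValueError):
            continue  # still being written or not valid JSON
        if isinstance(report, dict):
            lines.append(to_line(summarize(task_id, report)))
    return lines
```

Each returned line can be handed to the local syslog socket (for instance with Python's `syslog.syslog(line)`), where rsyslog can match on the flag and forward it to the remote server.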

