Dear Joe,

I think I could not understand your point. But what I want is that I shall use omkafka module to send report.json files as it is. We have parser in kafka server. Problem is with wildcard to apply at /opt/cuckoo/storage/analysis/* level, so that it could report.json in instantly created folder.
/opt/cuckoo/storage/analysis/10/report/report.json for one malware 10
/opt/cuckoo/storage/analysis/11/report/report.json for one malware 11
/opt/cuckoo/storage/analysis/12/report/report.json for one malware 12

On Tue, May 31, 2016 at 4:07 PM, Joe Blow <[email protected]> wrote:

> Have you thought of creating a processing module within cuckoo to kick off
> the parsing?
>
> Then you could just take the data, prepend it with a flag, and look for it
> with rsyslog.
>
> That said those reports get massive. Do you really want to slurp an 8mb
> report and throw that in syslog? It might be easier to do whatever you
> need in python, knowing how big and deeply nested the cuckoo reports are.
> Either way, I think a processing module would be the cleanest.
>
> Cheers,
>
> JB
>
> Original Message
> From:[email protected]
> Sent:May 31, 2016 3:21 AM
> To:[email protected]
> Reply-to:[email protected]
> Subject:[rsyslog] wildcard for folders in imfile module
>
> Hi Geeks, I have a very interesting scenario.
> I am using rsyslog 8.18 version in ubuntu 14.04. I have installed cuckoo
> for dynamic Malware Analysis.
>
> Cuckoo is generating report.json file of analysis. Below is a parent
> directory.
>
> /opt/cuckoo/storage/analysis/*
> Problem is that cuckoo creates a folder with numeric number name in
> consecutive order (1,2,3 etc) and further a folder with name "report". In
> this folder there is report.json.
>
> /opt/cuckoo/storage/analysis/*
>
> /opt/cuckoo/storage/analysis/10/report/report.json for one malware 10
> /opt/cuckoo/storage/analysis/11/report/report.json for one malware 11
> /opt/cuckoo/storage/analysis/12/report/report.json for one malware 12
>
> How can we send these json files to remote server?
>
> Regards
> M.Asif
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
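The Python route suggested in the quoted reply (handle the reports outside rsyslog and prepend a flag) could look like the following added example, which is not part of the original thread and is not Cuckoo or rsyslog code. It finds report.json under the numeric task directories, compacts each report to one flagged line, and appends it to a spool file that a line-oriented shipper could follow; the flag `CUCKOO_REPORT`, the size cap, the spool file and all function names are assumptions.

```python
import json
import os
import re
import tempfile

FLAG = "CUCKOO_REPORT"        # assumed marker for the receiving side to match on
MAX_BYTES = 8 * 1024 * 1024   # assumed cap; the thread mentions 8 MB reports

def pending_reports(root, seen):
    """Yield (task_id, path) for numeric task dirs whose report is not shipped yet."""
    tasks = [d for d in os.listdir(root) if re.fullmatch(r"\d+", d)]
    for task in sorted(tasks, key=int):
        path = os.path.join(root, task, "report", "report.json")
        if task not in seen and os.path.isfile(path):
            yield task, path

def spool_reports(root, spool_path, seen):
    """Append each new report as one flagged line; return (shipped, skipped) ids."""
    shipped, skipped = [], []
    with open(spool_path, "a", encoding="utf-8") as spool:
        for task, path in pending_reports(root, seen):
            if os.path.getsize(path) > MAX_BYTES:
                skipped.append(task)   # too large to forward as a single record
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except ValueError:
                continue               # incomplete or invalid JSON; retry next pass
            # Compact to one line so the pretty-printed report becomes one record.
            line = json.dumps(doc, separators=(",", ":"))
            spool.write(f"{FLAG} {task} {line}\n")
            shipped.append(task)
            seen.add(task)
    return shipped, skipped

def demo():
    """Run two passes over a constructed tree that mirrors the thread's layout."""
    root = tempfile.mkdtemp()
    for task in ("10", "11", "12", "latest"):   # 12 has no report yet
        os.makedirs(os.path.join(root, task, "report"))
    for task in ("10", "11"):
        with open(os.path.join(root, task, "report", "report.json"), "w") as fh:
            json.dump({"info": {"id": int(task)}, "score": 1.5}, fh, indent=4)
    spool, seen = os.path.join(root, "spool.log"), set()
    first = spool_reports(root, spool, seen)
    second = spool_reports(root, spool, seen)   # nothing new on the second pass
    with open(spool, encoding="utf-8") as fh:
        return first, second, fh.read().splitlines()
```

In a real deployment the `seen` set would need to be persisted between runs so that reports are not re-sent after a restart.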

