Any guidance on this thread.? On Tue, May 31, 2016 at 4:56 PM, Muhammad Asif <[email protected]> wrote:
> Dear Joe, > > I think i could not understand your point. But what i want is that i shall > use omkafka module to send report.json files as it is. we have parser in > kafka server. Problem is with wildcard to apply at > /opt/cuckoo/storage/analysis/* > level. so that it could report.json in instatly created folder. > > /opt/cuckoo/storage/analysis/10/report/report.json for one malware 10 > /opt/cuckoo/storage/analysis/11/report/report.json for one malware 11 > /opt/cuckoo/storage/analysis/12/report/report.json for one malware 12 > > > On Tue, May 31, 2016 at 4:07 PM, Joe Blow <[email protected]> wrote: > >> Have you though of creating a processing module within cuckoo to kick off >> the parsing? >> >> Then you could just take the data, prepend it with a flag, and look for >> it with rsyslog. >> >> That said those reports get massive. Do you really want to slurp an 8mb >> report and throw that in syslog? It might be easier to do whatever you >> need in python, knowing how big and deeply nested the cuckoo reports are. >> Either way, I think a processing module would be the cleanest. >> >> Cheers, >> >> JB >> >> Original Message >> From:[email protected] >> Sent:May 31, 2016 3:21 AM >> To:[email protected] >> Reply-to:[email protected] >> Subject:[rsyslog] wildcard for folders in imfile module >> >> Hi Geeks, I have a very interesting scenario. >> I am using rsyslog 8.18 version in ubuntu 14.04. I have installed cuckoo >> for dynamic Malware Analysis. >> >> Cuckoo is generating report.json file of analysis. Below is a parent >> directory. >> >> /opt/cuckoo/storage/analysis/* >> Problem is that cuckoo create a folder with numeric number name in >> consecutive order (1,2,3 etc) and further a folder with name "report". In >> this folder there is report.json. >> >> >> /opt/cuckoo/storage/analysis/* >> >> /opt/cuckoo/storage/analysis/10/report/report.json for one malware >> 10 >> /opt/cuckoo/storage/analysis/11/report/report.json for one malware >> 11 >> /opt/cuckoo/storage/analysis/12/report/report.json for one malware >> 12 >> >> How can we send these json files to remote server. >> >> Regards >> M.Asif >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. > > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
