2016-06-01 7:36 GMT+02:00 Muhammad Asif <[email protected]>:
> Any guidance on this thread?

If you have an urgent need, please consider the commercial support options:
http://www.rsyslog.com/professional-services/enterprise-support/

On the issue, I think this currently is not possible and requires code changes.

Rainer

>
> On Tue, May 31, 2016 at 4:56 PM, Muhammad Asif <[email protected]> wrote:
>
>> Dear Joe,
>>
>> I think I could not understand your point. But what I want is that I shall
>> use the omkafka module to send report.json files as they are. We have a parser
>> on the Kafka server. The problem is with the wildcard to apply at the
>> /opt/cuckoo/storage/analysis/*
>> level, so that it could report.json in instantly created folder.
>>
>> /opt/cuckoo/storage/analysis/10/report/report.json for one malware 10
>> /opt/cuckoo/storage/analysis/11/report/report.json for one malware 11
>> /opt/cuckoo/storage/analysis/12/report/report.json for one malware 12
>>
>>
>> On Tue, May 31, 2016 at 4:07 PM, Joe Blow <[email protected]> wrote:
>>
>>> Have you thought of creating a processing module within cuckoo to kick off
>>> the parsing?
>>>
>>> Then you could just take the data, prepend it with a flag, and look for
>>> it with rsyslog.
>>>
>>> That said, those reports get massive. Do you really want to slurp an 8 MB
>>> report and throw that in syslog? It might be easier to do whatever you
>>> need in Python, knowing how big and deeply nested the cuckoo reports are.
>>> Either way, I think a processing module would be the cleanest.
>>>
>>> Cheers,
>>>
>>> JB
>>>
>>> Original Message
>>> From: [email protected]
>>> Sent: May 31, 2016 3:21 AM
>>> To: [email protected]
>>> Reply-to: [email protected]
>>> Subject: [rsyslog] wildcard for folders in imfile module
>>>
>>> Hi Geeks, I have a very interesting scenario.
>>> I am using rsyslog version 8.18 on Ubuntu 14.04. I have installed cuckoo
>>> for dynamic malware analysis.
>>>
>>> Cuckoo is generating a report.json file of the analysis. Below is the parent
>>> directory.
>>>
>>> /opt/cuckoo/storage/analysis/*
>>>
>>> The problem is that cuckoo creates a folder with a numeric name in
>>> consecutive order (1, 2, 3 etc.) and further a folder with the name "report". In
>>> this folder there is report.json.
>>>
>>> /opt/cuckoo/storage/analysis/*
>>>
>>> /opt/cuckoo/storage/analysis/10/report/report.json for one malware 10
>>> /opt/cuckoo/storage/analysis/11/report/report.json for one malware 11
>>> /opt/cuckoo/storage/analysis/12/report/report.json for one malware 12
>>>
>>> How can we send these JSON files to a remote server?
>>>
>>> Regards
>>> M.Asif
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
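Added example, not part of the original thread and not rsyslog or Cuckoo code: one way to do what Joe Blow suggests above (flag the data and let rsyslog look for it), given that imfile cannot wildcard the numbered directories. A Python sweep finds each `<N>/report/report.json` and appends it as one flagged line to a single fixed file that imfile can follow. The flag string, the size cap and all function names are assumptions made for this example.

```python
import json, os, tempfile

FLAG = "@cuckoo-report:"      # hypothetical marker an rsyslog rule could match on
MAX_BYTES = 8 * 1024 * 1024   # assumed cap, after the 8 MB concern in the thread

def find_reports(root):
    """Return sorted (task_id, path) for each <root>/<N>/report/report.json."""
    found = []
    for name in os.listdir(root):
        path = os.path.join(root, name, "report", "report.json")
        if name.isdecimal() and os.path.isfile(path):
            found.append((int(name), path))
    return sorted(found)

def to_line(task_id, path, max_bytes=MAX_BYTES):
    """One flagged single-line record, or None if oversized or not yet valid JSON."""
    if os.path.getsize(path) > max_bytes:
        return None
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except ValueError:        # report still being written, or corrupt
        return None
    # json.dumps escapes newlines inside strings, so the record stays on one line
    return FLAG + json.dumps({"task": task_id, "report": doc}, separators=(",", ":"))

def sweep(root, out_path, seen, max_bytes=MAX_BYTES):
    """Append a record for every unseen report to out_path; return the ids emitted."""
    emitted = []
    with open(out_path, "a", encoding="utf-8") as out:
        for task_id, path in find_reports(root):
            line = None if task_id in seen else to_line(task_id, path, max_bytes)
            if line is None:
                continue      # skipped reports are retried on the next sweep
            out.write(line + "\n")
            seen.add(task_id)
            emitted.append(task_id)
    return emitted

if __name__ == "__main__":
    # Constructed sample tree standing in for /opt/cuckoo/storage/analysis
    root = tempfile.mkdtemp()
    for n in ("10", "11", "12"):
        os.makedirs(os.path.join(root, n, "report"))
        with open(os.path.join(root, n, "report", "report.json"), "w") as fh:
            json.dump({"info": {"id": int(n)}, "note": "constructed\nsample"}, fh)
    seen = set()
    print(sweep(root, os.path.join(root, "out.log"), seen))
    print(sweep(root, os.path.join(root, "out.log"), seen))
```

The size cap should be chosen with rsyslog's configured maximum message size in mind, since each report becomes a single log line.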

