Hello, Dan.
Yes, you can use that pattern for reading archives.log, and you can also use a
tool like logstash forwarder if your logstash is installed on a separate
server.
Feel free to ask me if you have any questions.
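Both approaches in this thread (a grok pattern on the Logstash file input, or syslog-ng stripping the OSSEC-specific header before forwarding) hinge on the fixed prefix that OSSEC writes in front of every archived event. The following Python is an added example, not code from LightSIEM or from anyone on this list; the sample lines are constructed, and the header layout it assumes is the one archives.log uses: timestamp, then either `hostname` or `(agent) ip`, then `->location`, then the original event.

```python
import re
from datetime import datetime
from typing import Optional

# Assumed archives.log layout (server-local event, then remote-agent event):
#   YYYY Mon DD HH:MM:SS <hostname>-><location> <original log line>
#   YYYY Mon DD HH:MM:SS (<agent name>) <agent ip>-><location> <original log line>
ARCHIVE_RE = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<ip>\S+?)|(?P<host>\S+?))"
    r"->(?P<location>\S+) ?(?P<message>.*)$"
)

# Constructed sample lines in that layout (not taken from a real system).
SAMPLE_LINES = [
    "2015 Jun 29 17:16:34 (web-01) 10.0.0.5->/var/log/auth.log "
    "Jun 29 17:16:33 web-01 sshd[2211]: Accepted publickey for deploy from 10.0.0.9 port 52244 ssh2",
    "2015 Jun 29 17:16:40 ossec-server->syscheck File '/etc/passwd' checksum changed.",
    "not an archives.log line",
]


def parse_archive_line(line: str) -> Optional[dict]:
    """Split one archives.log line into the OSSEC header fields and the original
    event. Returns None when the line does not carry the header, so a caller can
    route such lines elsewhere instead of losing them."""
    m = ARCHIVE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts.isoformat(),
        "agent": m.group("agent"),      # None for events logged on the server itself
        "agent_ip": m.group("ip"),
        "hostname": m.group("agent") or m.group("host"),
        "location": m.group("location"),
        "message": m.group("message"),
    }


def strip_ossec_header(line: str) -> str:
    """The syslog-ng idea from the thread in one function: forward only the
    original event. Lines without the header pass through unchanged."""
    parsed = parse_archive_line(line)
    return parsed["message"] if parsed else line.rstrip("\n")


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(parse_archive_line(raw) or f"unparsed: {raw}")
```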
Tue, 18 Aug 2015, 21:11, Dan Burns dburns6...@gmail.com:
Hi Daniil,
I'm interested in using your pattern to read the archives.log file with
Logstash, am I correct that I can use this on the file input for the
archives.log file to properly parse messages?
On Monday, June 29, 2015 at 5:16:34 PM UTC-4, Daniil Svetlov wrote:
Hello
Thanks a mil. I will check that.
Martynas
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Daniil Svetlov
Sent: Tuesday, June 30, 2015 12:07 AM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] archives.log and logstash
On 05/26/2015 12:03 PM, dan (ddp) wrote:
I think you can read the file with syslog-ng, strip off the OSSEC
specific header, and use syslog-ng to forward the log messages to
logstash. I feel like I looked into stripping the header many years
ago with syslog-ng, but I don't remember details.
Hello, Martynas!
I have a working solution in my project LightSIEM.
You can find the patterns in the file
https://github.com/dsvetlov/lightsiem/blob/master/roles/elk/files/ossec.pattern
You are looking for the pattern named OSSEC_MESSAGE_FULL.
Tue, 26 May 2015 at 20:07, dan (ddp) ddp...@gmail.com:
Hello
Maybe anyone has working archives.log integration with logstash ?
Thanks for any advice.
With best regards
Martynas
On Tue, May 26, 2015 at 7:00 AM, Martynas Buožis m...@nrdcs.lt wrote: