Hi Karl,

On 08/11/2018 23:29, Karl Pietrzak wrote:
> We're working on analyzing semi-structured logs (such as syslog, Windows
> events, etc.), and I'm trying to figure out if Bro/Zeek is the right tool
> for the job.
>
> ...
>
> Maybe there are other, better ways to do this. Any advice on this matter
> would be appreciated!

You might want to have a look at https://github.com/J-Gras/bro-lognorm. It integrates liblognorm into Bro to parse, for example, syslog messages. The only thing you need is an appropriate rulebase (so no NLP here).

Jan

_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
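To illustrate the rulebase idea Jan points to, here is an added example that is not part of this thread, of bro-lognorm or of liblognorm: a minimal Python rulebase whose placeholder syntax and type names are my own, applied to constructed RFC 3164 style syslog lines. Specific sshd rules are tried before a generic syslog fallback, and a line that no rule matches comes back as None so it can be counted or alerted on instead of silently disappearing.

```python
import re

# Placeholder types for this toy rulebase (my own names, not liblognorm's).
FIELD_TYPES = {
    "date-rfc3164": r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d",
    "word": r"\S+",
    "number": r"\d+",
    "ipv4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "tag": r"[^:\s]+",  # syslog tag such as sshd[1234] or cron[77]
    "rest": r".*",
}
PLACEHOLDER = re.compile(r"%(\w+):([\w-]+)%")

def compile_rule(template):
    """Turn '... %name:type% ...' into an anchored regex with named groups."""
    pattern, pos = "", 0
    for m in PLACEHOLDER.finditer(template):
        pattern += re.escape(template[pos:m.start()])  # literal text between fields
        pattern += "(?P<%s>%s)" % (m.group(1), FIELD_TYPES[m.group(2)])
        pos = m.end()
    return re.compile("^" + pattern + re.escape(template[pos:]) + "$")

# Constructed rulebase: specific rules first, a generic syslog fallback last.
RULEBASE = [compile_rule(t) for t in (
    "%timestamp:date-rfc3164% %host:word% sshd[%pid:number%]: Accepted %method:word% "
    "for %user:word% from %src_ip:ipv4% port %src_port:number% ssh2",
    "%timestamp:date-rfc3164% %host:word% sshd[%pid:number%]: Failed password for "
    "invalid user %user:word% from %src_ip:ipv4% port %src_port:number% ssh2",
    "%timestamp:date-rfc3164% %host:word% %tag:tag%: %msg:rest%",
)]

def normalize(line):
    """Fields of the first matching rule, or None when no rule matches."""
    for rule in RULEBASE:
        m = rule.match(line)
        if m:
            return m.groupdict()
    return None

# Constructed sample syslog lines; not taken from the thread.
SAMPLE_LINES = [
    "Nov  8 23:29:01 host1 sshd[1234]: Accepted publickey for karl from 192.0.2.10 port 51234 ssh2",
    "Nov  8 23:29:05 host1 sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "Nov  8 23:30:00 host2 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "not a syslog line at all",
]

for sample in SAMPLE_LINES:
    print(normalize(sample))
```

Lines that fall through to the fallback rule keep only the syslog header fields plus the raw message, which is the signal that a more specific rule is missing from the rulebase.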
