Hi John,
We are working more or less along those lines, but from a different
origin
What we do is transform all data into Apache Kafka messages and then
work from there
In particular we have modified nprobe to export such data (bad hack,
just a fast solution while we get into something better done) as well
as Snort (through Barnyard2)
Our next step will be to do the same with syslog messages, and use
elasticsearch too.
What do you think?
On 31/12/13 10:40, Luca Deri wrote:
John,
let me ask another question instead. What format do you need in your
SIEM? Please make an example
Regards Luca
On 31 Dec 2013, at 07:55, John Zhang <[email protected]> wrote:
Hi everyone,
My SIEM is Logstash + elasticsearch, and I want to add the data of
ntopng to my SIEM. So my big problem is: How I export data of ntopng
into Logstash?
Any suggestion, comment, or reference will be highly appreciate!
Thanks!
Best regards,
John
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
--
Jaime Nebrera - [email protected]
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
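The pipeline Jaime describes (nprobe flows and Snort alerts pushed onto Kafka, then indexed into Elasticsearch) needs one step the thread does not spell out: a consumer that maps each source's own field names onto a single document shape before Logstash or the _bulk API sees it. The following is example code added here, not code from the ntop project or from any of the thread participants. The input field names (IPV4_SRC_ADDR, FIRST_SWITCHED, signature_id and so on), the topic names and the index name are assumptions modelled loosely on nprobe's and Barnyard2's output, not a reproduction of either format; the two sample messages are constructed for the example.

```python
"""Normalise flow and IDS records from Kafka into one Elasticsearch-friendly
document shape.  Example code added to this thread; not from ntop, nprobe,
Barnyard2 or the thread authors.  Input field names are assumptions."""
import json
from datetime import datetime, timezone

# Constructed sample messages, as they might sit on two Kafka topics.
SAMPLE_FLOW = json.dumps({
    "IPV4_SRC_ADDR": "10.0.0.5", "IPV4_DST_ADDR": "93.184.216.34",
    "L4_SRC_PORT": 51234, "L4_DST_PORT": 443, "PROTOCOL": 6,
    "IN_BYTES": 1450, "OUT_BYTES": 32010, "FIRST_SWITCHED": 1388480100,
})
SAMPLE_ALERT = json.dumps({
    "sensor_id": 1, "signature_id": 2019401, "classification": "attempted-admin",
    "priority": 1, "src_ip": "203.0.113.9", "src_port": 4444,
    "dst_ip": "10.0.0.5", "dst_port": 22, "timestamp": 1388480105,
})

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def _iso(epoch):
    """Epoch seconds -> ISO-8601 UTC string, the form Logstash expects in @timestamp."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat().replace("+00:00", "Z")


def normalise(topic, raw):
    """Map one raw Kafka message from `topic` into the common document schema.

    Both record kinds end up with the same src/dst/@timestamp keys so that a
    single Kibana query or Logstash filter can pivot between flows and alerts.
    An unknown topic raises so the consumer fails loudly instead of indexing junk.
    """
    rec = json.loads(raw)
    if topic == "flows":          # assumed topic name for nprobe exports
        return {
            "@timestamp": _iso(rec["FIRST_SWITCHED"]),
            "type": "flow",
            "src_ip": rec["IPV4_SRC_ADDR"], "src_port": rec["L4_SRC_PORT"],
            "dst_ip": rec["IPV4_DST_ADDR"], "dst_port": rec["L4_DST_PORT"],
            "proto": PROTO_NAMES.get(rec["PROTOCOL"], str(rec["PROTOCOL"])),
            "bytes": rec["IN_BYTES"] + rec["OUT_BYTES"],
        }
    if topic == "alerts":         # assumed topic name for Barnyard2 output
        return {
            "@timestamp": _iso(rec["timestamp"]),
            "type": "ids_alert",
            "src_ip": rec["src_ip"], "src_port": rec["src_port"],
            "dst_ip": rec["dst_ip"], "dst_port": rec["dst_port"],
            "sid": rec["signature_id"], "priority": rec["priority"],
            "classification": rec["classification"],
        }
    raise ValueError("unknown topic %r" % topic)


def to_bulk(docs, index="ntop-2013.12.31"):
    """Render normalised documents as the NDJSON body of an Elasticsearch _bulk request."""
    lines = []
    for d in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    docs = [normalise("flows", SAMPLE_FLOW), normalise("alerts", SAMPLE_ALERT)]
    print(to_bulk(docs))
```

In a real consumer the two `SAMPLE_*` strings would be the message values read from the Kafka topics, and `to_bulk` output would be POSTed to Elasticsearch or handed to a Logstash input; the normalisation is the part worth getting right first, because once flows and alerts share src/dst keys, an alert's destination host can be joined against the flows it was seen in.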