Hi Luca, Let me explain the architecture of my SIEM:
Logstash + elasticsearch

Logstash: log shipper, log parsing and conversion
elasticsearch: log index and search engine

Its architecture is like the drawing in this page:
http://logstash.net/docs/1.3.2/tutorials/getting-started-centralized

Since Logstash supports lots of inputs and outputs, it doesn't need a special format for the log feed; of course, JSON is a good option.

What I want is: to feed the ntopng data into Logstash in near real time; some delay is also fine.

Thanks!

BTW, Happy New Year!

Best regards,
John

2013/12/31 Luca Deri <[email protected]>

> John,
> let me ask another question instead. What format do you need in your SIEM? Please make an example.
> Regards, Luca
>
> On 31 Dec 2013, at 07:55, John Zhang <[email protected]> wrote:
>
> Hi everyone,
>
> My SIEM is Logstash + elasticsearch, and I want to add the data of ntopng to my SIEM. So my big problem is: how do I export data of ntopng into Logstash?
>
> Any suggestion, comment, or reference will be highly appreciated!
>
> Thanks!
>
> Best regards,
>
> John
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
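To illustrate the "JSON into Logstash, near real time" feed John describes, here is an added example that is not part of the thread and not code from ntopng or Logstash. It assumes Logstash is listening with a `tcp` input using the `json_lines` codec (one JSON object per line), and the flow records it ships are a constructed sample whose field names are assumptions, not ntopng's real export schema.

```python
"""Ship ntopng-derived flow records to Logstash as newline-delimited JSON.

Added example for this thread; not code from ntopng or Logstash. It assumes
Logstash has a `tcp` input with the `json_lines` codec, and it uses a
constructed sample of flow records (field names are assumptions, not the
real ntopng export schema).
"""
import json
import socket
from datetime import datetime, timezone

# Constructed sample records: the shape a small collector script might
# produce from ntopng data. Field names are assumptions for this example.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "93.184.216.34", "src_port": 51234,
     "dst_port": 443, "proto": "TCP", "l7_proto": "SSL", "bytes": 18230,
     "packets": 42, "first_seen": 1388477700, "last_seen": 1388477712},
    {"src_ip": "10.0.0.9", "dst_ip": "10.0.0.1", "src_port": 40012,
     "dst_port": 53, "proto": "UDP", "l7_proto": "DNS", "bytes": 212,
     "packets": 2, "first_seen": 1388477705, "last_seen": 1388477705},
]


def to_logstash_event(flow, source="ntopng"):
    """Wrap one flow record in the Logstash event envelope.

    Logstash expects `@timestamp` (ISO 8601, UTC) and `@version`; all other
    keys are carried through as ordinary fields, so Elasticsearch can index
    them without any grok filter. The event time is the flow's last_seen.
    """
    ts = datetime.fromtimestamp(flow["last_seen"], tz=timezone.utc)
    event = {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S.000Z"),
        "@version": "1",
        "type": "flow",
        "source": source,
    }
    event.update(flow)
    return event


def encode_json_lines(events):
    """Serialize events as NDJSON bytes: one compact JSON object per line.

    The json_lines codec splits the stream on "\\n"; json.dumps escapes any
    newline inside a string value, so a value can never break framing.
    """
    return b"".join(
        json.dumps(e, separators=(",", ":"), sort_keys=True).encode("utf-8")
        + b"\n"
        for e in events
    )


def decode_json_lines(data):
    """Inverse of encode_json_lines (what the codec does on the Logstash side)."""
    return [json.loads(line) for line in data.split(b"\n") if line]


def ship(events, host="127.0.0.1", port=5514, timeout=5.0):
    """Send the encoded events to Logstash over TCP; returns bytes sent.

    Port 5514 is an assumed value matching the Logstash config in the note.
    """
    payload = encode_json_lines(events)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    events = [to_logstash_event(f) for f in SAMPLE_FLOWS]
    print(encode_json_lines(events).decode("utf-8"), end="")
```

On the Logstash side this pairs with an input such as `tcp { port => 5514 codec => json_lines }` and the usual `elasticsearch` output; a collector polling ntopng and calling `ship()` every few seconds gives the near-real-time feed with a small delay. The `tcp` input does no authentication, so bind it to an interface only the collector can reach or firewall it to the collector's address; otherwise anyone on the network can inject fabricated flow events into the SIEM.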
