Hi, thanks for the advice, David and Santiago.

I am checking these possibilities to achieve my goal. I think I will need to come back at a later point, hoping for your help again. :) Once again, thank you!

Bhuvanesh

On Friday, May 6, 2016 at 1:49:36 PM UTC+5:30, Bhuvanesh Bhuvanachandran wrote:
> Hi Guys,
>
> I have a problem for which I need some expert advice.
>
> I have a number of systems with the following software:
>
> 1. Apache proxy server
> 2. Apache Tomcat
> 3. Oracle DB
>
> I want to create a central syslog server, where all logs from the above and other system logs get ported and analyzed at the central server, and a dashboard is required at the end.
>
> I could see a few combinations to achieve this possibly:
>
> 1. OSSEC agents monitor log files and port all logs to the OSSEC server (/var/ossec/logs/archives/archives.log) + Logstash + Elasticsearch + Kibana
> 2. OSSEC agents port all log files + OSSEC server syslog output + Logstash + Elasticsearch + Kibana
> 3. rsyslog on client machines writes logs to a central syslog server + OSSEC monitors the central syslog server output + Logstash + Elasticsearch + Kibana
>
> What is expected on the dashboard is:
>
> 1. PCI DSS compliance dashboard. (This is possible with OSSEC alerts visualization, I understand.)
> 2. All access data in graphs, say from Apache logs: top hit hosts, top URLs, error counts etc. (This is possible only if the archives log is active.)
>
> I want both OSSEC alert log and archive log porting to happen at the same time. Is this possible with OSSEC?
>
> Or is this a better way? Porting all logs with some syslog program (I am not sure what to use for this) and OSSEC will process the central server syslog and make alerts from that.
>
> Also, is it possible to pass multiple inputs to Logstash (archive log input and OSSEC syslog input)?
>
> How to parse the actual messages and categorize them (since they can contain messages from Apache logs, messages, Oracle logs etc.) at Logstash; can someone provide a filter example?
>
> Please advise how to go ahead with these requirements.
>
> Thanks,
> Bhuvanesh
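The parse-and-categorize step the quoted post asks about, as an added example that is not from this thread, OSSEC or Logstash: a stand-alone Python prototype of what a Logstash grok filter over archives.log would do, splitting the OSSEC prefix from the original message, routing on the file it was read from, and parsing Apache access lines into the fields the requested dashboards need. The archives.log prefix layout is an assumption and the sample lines are constructed.

```python
import re
# Constructed sample lines (not from the thread). Assumed OSSEC archives.log layout:
# "YYYY Mon DD HH:MM:SS (agent) agent_ip->/path/read/from <original log line>", where
# entries from the OSSEC server's own logs carry no "(agent)" part.
SAMPLE_LINES = [
    '2016 May 06 13:49:36 (web01) 10.0.0.11->/var/log/httpd/access_log 203.0.113.7 - - '
    '[06/May/2016:13:49:35 +0530] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.47"',
    '2016 May 06 13:49:37 (web01) 10.0.0.11->/var/log/httpd/access_log 198.51.100.9 - - '
    '[06/May/2016:13:49:36 +0530] "POST /login HTTP/1.1" 500 231 "-" "Mozilla/5.0"',
    '2016 May 06 13:49:38 (db01) 10.0.0.21->/u01/app/oracle/diag/alert_ORCL.log ORA-01555: snapshot too old',
    '2016 May 06 13:49:39 ossec-server->/var/log/messages May  6 13:49:39 ossec-server sshd[1234]: Accepted publickey for bhuvanesh',
]
# OSSEC prefix; then Apache combined log format (the fields COMBINEDAPACHELOG yields in Logstash).
ARCHIVE_RE = re.compile(r"^(?P<ts>\d{4} \w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
                        r"(?:\((?P<agent>[^)]+)\) )?(?P<src>\S+?)->(?P<location>\S+) (?P<msg>.*)$")
APACHE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<verb>\S+) (?P<url>\S+) \S+" '
                       r"(?P<status>\d{3}) (?P<bytes>\d+|-)")

def categorize(location):
    """Route on the file the agent read from; extend with Tomcat, error_log etc. as needed."""
    loc = location.lower()
    if "access" in loc:
        return "apache_access"
    if "oracle" in loc or "alert_" in loc:
        return "oracle"
    return "syslog"

def parse_archive_line(line):
    """Split the OSSEC prefix from the original message; parse Apache access lines further."""
    m = ARCHIVE_RE.match(line)
    if m is None:
        return None  # not an archives.log line; Logstash would tag it _grokparsefailure
    rec = m.groupdict()
    rec["agent"] = rec["agent"] or rec["src"]  # server-local entries name the server instead
    rec["category"] = categorize(rec["location"])
    if rec["category"] == "apache_access":
        a = APACHE_RE.match(rec["msg"])
        if a:
            rec.update(a.groupdict())
    return rec

def summarize(lines):
    """Roll-up behind the dashboards the thread asks for: hits per category, top URLs, 5xx count."""
    out = {"by_category": {}, "top_urls": {}, "http_errors": 0}
    for rec in filter(None, map(parse_archive_line, lines)):
        out["by_category"][rec["category"]] = out["by_category"].get(rec["category"], 0) + 1
        if rec.get("url"):
            out["top_urls"][rec["url"]] = out["top_urls"].get(rec["url"], 0) + 1
            out["http_errors"] += int(int(rec["status"]) >= 500)
    return out
```

In Logstash the same split is two grok stages, one for the OSSEC prefix into a field such as `ossec_location`, then a conditional `if [ossec_location] =~ /access/` applying COMBINEDAPACHELOG to the remainder.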