mlogc has, as I'm led to believe, logic to parse the audit index log to find new files; send the new data to a collector via http put; and then, after receiving a 200 OK, delete them from the local device.
I'm not so much interested in replacing the local file capabilities of mlogc with something rsyslog'ish. To be clear, I'm interested in replacing the collector with something rsyslog'ish that can digest mlogc input.

On Thu, Mar 28, 2019 at 2:03 PM David Lang <[email protected]> wrote:

> how does mlogc collect the logs from ModSecurity? what mechanisms does
> ModSecurity have to deliver logs to any destination?
>
> If mlogc is just reading the files like imfile does, what benefit does it
> provide?
>
> If it's getting the logs in some other way, that would (probably) be what
> we would look to support rather than a non-standard http put.
>
> David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

