Just as an FYI, after posting this I thought about my setup a bit and I've
now got logstash consuming the alerts.log directly. I'll see if this works
a bit better; at first glance it seems to. I've attached my logstash.conf.
On Wednesday, February 5, 2014 2:14:36 PM UTC, Chris H wrote:
Hi.
On Wed, Feb 5, 2014 at 9:14 AM, Chris H chris.hemb...@gmail.com wrote:
Hi. I'm trying this setup, after seeing the blog post on ossec.net
recently, and regularly exceeding the 500MB limit on Splunk free. I'm
sending alerts level 3+ to logstash and 5+ to splunk still. I spent a while
On Thursday, February 6, 2014 1:06:35 PM UTC, dan (ddpbsd) wrote:
On Wed, Feb 5, 2014 at 9:14 AM, Chris H chris@gmail.com wrote:
Hi. I'm trying this setup, after seeing the blog post on ossec.net
recently, and regularly exceeding the 500MB limit on Splunk free. I'm
On Thu, Feb 6, 2014 at 9:11 AM, Chris H chris.hemb...@gmail.com wrote:
On Thursday, February 6, 2014 1:06:35 PM UTC, dan (ddpbsd) wrote:
On Wed, Feb 5, 2014 at 9:14 AM, Chris H chris@gmail.com wrote:
Hi. I'm trying this setup, after seeing the blog post on ossec.net
recently, and regularly exceeding the 500MB limit on Splunk free. I'm
sending alerts level 3+ to logstash and 5+ to splunk still. I spent a
while tweaking the logstash.conf to work with splunk format syslog output,
as it
On Mon, Jan 27, 2014 at 8:16 AM, Michiel van Es vanesmich...@gmail.com wrote:
Hi,
Is anyone using OSSEC -> syslog -> Logstash -> Kibana for their setup?
We found out that the netstat -tan diff ran by syscheck gives only the first
line of the diff:
<132>Jan 27 11:37:43 local-machine-001 ossec: Alert Level: 7; Rule: 533 - Listened ports status (netstat) changed (new port