Understood. I'm putting in hostnames for agent names, so in my case, it
applies.
On Thursday, October 20, 2016 at 3:44:59 AM UTC-7, dan (ddpbsd) wrote:
>
> On Wed, Oct 19, 2016 at 9:49 PM, wrote:
> > I've recently set up my ossec server to output alerts to a json file. I'm
> > sending it
Thanks Pedro, I'll take a look at the Wazuh OSSEC fork.
On Thursday, October 20, 2016 at 3:37:36 AM UTC-7, Pedro S wrote:
>
> Hi Ron,
>
> If you are using an integration with Elasticsearch, try out Wazuh fork based
> on OSSEC, augmented JSON capabilities including the AgentName you need.
> Internal
On Wed, Oct 19, 2016 at 9:49 PM, wrote:
> I've recently set up my ossec server to output alerts to a json file. I'm
> sending it over to logstash and elasticsearch. I'd like to create a kibana
> dashboard that defines individual ossec agent hosts.
>
> The issue is that the json doesn't have its
On Thu, Oct 20, 2016 at 6:37 AM, Pedro Sanchez wrote:
> Hi Ron,
>
> If you are using an integration with Elasticsearch, try out Wazuh fork based
> on OSSEC, augmented JSON capabilities including the AgentName you need.
Use OSSEC, not OSSEC. OSSEC and OSSEC don't have the same capabilities
as OSSEC
Hi Ron,
If you are using an integration with Elasticsearch, try out Wazuh fork based
on OSSEC, augmented JSON capabilities including the AgentName you need.
Internal field "lf->hostname" includes parentheses like you said, so we are
extracting the content inside, also we rename the field in Logstash
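
The extraction described in the message above, sketched in Python as an added example; it is not code from the thread, from OSSEC or from Wazuh. The value layouts, the `hostname` key, the output field names and the name allowlist are assumptions, and the sample alerts are constructed.

```python
import re

# Assumed layouts of the hostname value (not shown in the thread):
#   event from an agent:     "(agent-name) source-ip->log-source"
#   event from the manager:  "server-hostname->log-source"
_AGENT_RE = re.compile(r"^\((?P<agent>[^()]+)\)\s+(?P<ip>\S+?)->(?P<source>.*)$")
_LOCAL_RE = re.compile(r"^(?P<agent>[^\s()]+?)->(?P<source>.*)$")
# Conservative allowlist (assumption): the value ends up in dashboards and
# queries, so anything outside it is rejected rather than passed along.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def split_hostname(value):
    """Split the combined value; every field is None when it cannot be parsed."""
    result = {"agent_name": None, "agent_ip": None, "log_source": None}
    if not isinstance(value, str):
        return result
    value = value.strip()
    match = _AGENT_RE.match(value)
    if match:
        agent, ip = match.group("agent").strip(), match.group("ip")
    else:
        match = _LOCAL_RE.match(value)
        if not match:
            return result
        agent, ip = match.group("agent"), None  # manager-local event, no agent IP
    if not _SAFE_NAME.match(agent):
        return result
    result.update(agent_name=agent, agent_ip=ip, log_source=match.group("source"))
    return result


def enrich(alert, field="hostname"):
    """Return a copy of the alert with dedicated fields a dashboard can group by."""
    enriched = dict(alert)
    enriched.update(split_hostname(alert.get(field)))
    return enriched


# Constructed sample alerts, not taken from the thread.
SAMPLE_ALERTS = [
    {"rule": 5716, "hostname": "(web01) 10.0.0.5->/var/log/secure"},
    {"rule": 1002, "hostname": "ossec-server->/var/log/messages"},
    {"rule": 5716, "hostname": "(bad name<x>) 10.0.0.9->/var/log/secure"},
]

if __name__ == "__main__":
    for sample in SAMPLE_ALERTS:
        print(enrich(sample))
```
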
I've recently set up my ossec server to output alerts to a json file. I'm
sending it over to logstash and elasticsearch. I'd like to create a kibana
dashboard that defines individual ossec agent hosts.
The issue is that the json doesn't have its own dedicated field for agent
host. Here's an e