Hi,
Thank you for the welcome! The concepts behind Metron are nice, very nice.
Finally network log / data analysis is possible using different approaches.
It has been a few years since I used tools such as Suricata, Bro, Snort,
OSSEC, PF_RING. But the integration of some of those at scale... nice
+1 to that!!
On Mon, Dec 17, 2018 at 13:16 Michael Miklavcic
wrote:
> And a big thanks to Justin Leet for being our release manager. Great work
> Justin!
>
> On Mon, Dec 17, 2018 at 10:07 AM Justin Leet wrote:
>
>> Hi all,
>>
>> I’m pleased to announce the release of Metron 0.7.0! There's been a
And a big thanks to Justin Leet for being our release manager. Great work
Justin!
On Mon, Dec 17, 2018 at 10:07 AM Justin Leet wrote:
> Hi all,
>
> I’m pleased to announce the release of Metron 0.7.0! There's been a lot
> of work on improvements, upgrades, discussion, and more. Thanks to everyon
Hi all,
I’m pleased to announce the release of Metron 0.7.0! There's been a lot of
work on improvements, upgrades, discussion, and more. Thanks to everyone
who's contributed, and thank you to our users.
Details:
The official release source code tarballs may be obtained at any of the
mirrors liste
Hi Pieter,
Welcome to the Metron community.
The logic used by the CEF parser right now is to populate the timestamp
field as follows:
1. if the rt field exists, use that.
2. if there is a field matching the syslogTime pattern (either the old
pattern or 5424)
3. If neither are present, it uses cur
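The precedence described in the reply above (rt first, then a syslog header time, then a fallback), as an added example that is not Metron's own CEF parser code. Everything beyond the three steps is an assumption: "the old pattern" is taken to be an RFC 3164 header, "5424" an RFC 5424 ISO-8601 header, the fallback the current time, formatted rt values are read as UTC, and the sample events are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Syslog header styles. Assumption: "the old pattern" in the thread is RFC 3164
# ("Dec 17 13:16:00 host ...") and "5424" is an RFC 5424 ISO-8601 timestamp.
RFC3164_RE = re.compile(
    r"^(?:<\d+>)?([A-Z][a-z]{2})\s+(\d{1,2})\s(\d{2}):(\d{2}):(\d{2})\s")
RFC5424_RE = re.compile(
    r"^(?:<\d+>\d+\s)?(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))\s")
# CEF extension is "key=value key=value ..."; values may contain spaces.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}


def parse_extensions(line):
    """Return the CEF extension key/value pairs of a line (empty dict if none)."""
    start = line.find("CEF:")
    if start < 0:
        return {}
    parts = line[start:].split("|", 7)       # 7 header fields, then extension
    return dict(EXT_RE.findall(parts[7])) if len(parts) == 8 else {}


def parse_rt(value):
    """rt is epoch milliseconds or a formatted time; None if unparseable."""
    if value.isdigit():
        return int(value)
    for fmt in ("%b %d %Y %H:%M:%S", "%b %d %Y %H:%M:%S.%f"):
        try:
            dt = datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
            return int(dt.timestamp() * 1000)
        except ValueError:
            continue
    return None


def parse_syslog_time(line, now):
    """Timestamp (epoch ms) from the syslog header, or None."""
    m = RFC5424_RE.match(line)
    if m:
        iso = m.group(1).replace("Z", "+00:00")
        return int(datetime.fromisoformat(iso).timestamp() * 1000)
    m = RFC3164_RE.match(line)
    if m:
        mon, day, hh, mm, ss = m.groups()
        # RFC 3164 has no year: borrow it from `now` (UTC assumed)
        dt = datetime(now.year, MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                      tzinfo=timezone.utc)
        return int(dt.timestamp() * 1000)
    return None


def resolve_timestamp(line, now=None):
    """Return (epoch_ms, source) following the precedence from the thread:
    rt, then the syslog header time, then the current time (assumption).
    A malformed rt falls through to the next step (design choice here)."""
    now = now or datetime.now(timezone.utc)
    ext = parse_extensions(line)
    if "rt" in ext:
        ts = parse_rt(ext["rt"])
        if ts is not None:
            return ts, "rt"
    ts = parse_syslog_time(line, now)
    if ts is not None:
        return ts, "syslogTime"
    return int(now.timestamp() * 1000), "current"


# Constructed sample events (not from the thread); 1545052560000 ms is
# 2018-12-17T13:16:00Z, so all five resolve to the same instant but from
# different sources.
SAMPLE_NOW = datetime(2018, 12, 17, 13, 16, 0, tzinfo=timezone.utc)
HDR = "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Test event|5|"
SAMPLE_LINES = [
    HDR + "rt=1545052560000 src=10.0.0.1 msg=epoch millis",
    HDR + "rt=Dec 17 2018 13:16:00 src=10.0.0.1 msg=formatted value",
    "<13>1 2018-12-17T13:16:00Z fw01 - - - " + HDR + "src=10.0.0.1 msg=5424 header only",
    "<13>Dec 17 13:16:00 fw01 " + HDR + "src=10.0.0.1 msg=old header only",
    HDR + "src=10.0.0.1 msg=no time information at all",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(resolve_timestamp(line, SAMPLE_NOW))
```

The returned `source` tag is the part worth keeping in a real pipeline: a device that never emits rt and whose events end up tagged "current" is exactly the case the question below is about, and that tag makes it visible in the enriched data instead of silently substituting ingest time for event time.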
Hi,
For correlation & profiling the presence of a correct timestamp / eventtime
is important;
what to do with a device implementing CEF output, but not properly
providing the rt field?
Also syslogTime is not parsed by the CEF parser.
There is another field present, how can I assure this field is