Snort mailing list archives
Logstash and snort
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 5 Nov 2013 20:15:03 -0700
Hey All,

So…I’ve been mucking with Logstash for a couple weeks, and here’s my attempt at getting it to go:

http://tinypic.com/r/24chymp/5

Below paste bin is my logstash.conf:

http://pastebin.com/GmGBAm1d

This config has a couple more items…noticeably iptables firewall hits and SASL failures. You should be able to nuke those sections out if not applicable.

A quick and dirty go of it:

Download https://download.elasticsearch.org/logstash/logstash/logstash-1.2.2-flatjar.jar

change the path to your syslog file

run the web process first with (dump to background with &):

    java -jar logstash-1.2.2-flatjar.jar web &

run the config process with:

    java -jar logstash-1.2.2-flatjar.jar agent -f logstash.conf

Wait a few, then point your browser to hostname:9292

Enjoy!

James