Snort mailing list archives

Logstash and snort


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 5 Nov 2013 20:15:03 -0700

Hey All,

So…I’ve been mucking with Logstash for a couple weeks, and here’s my attempt at getting it to go:

http://tinypic.com/r/24chymp/5

Below paste bin is my logstash.conf:

http://pastebin.com/GmGBAm1d

This config has a couple more items…noticeably iptables firewall hits and SASL failures.  You should be able to nuke those sections out if not applicable.  A quick and dirty go of it:

Download https://download.elasticsearch.org/logstash/logstash/logstash-1.2.2-flatjar.jar

change the path to your syslog file

run the web process first with (dump to background with &):  java -jar logstash-1.2.2-flatjar.jar web &

run the config process with: java -jar logstash-1.2.2-flatjar.jar agent -f logstash.conf

Wait a few, then point your browser to hostname:9292

Enjoy!

James

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
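
An added example, not the pastebin config from the post and not code from the Logstash or Snort projects: a minimal logstash.conf of the kind the steps above expect, covering only the Snort part. It assumes Snort logs alerts through syslog into /var/log/syslog and that the embedded Elasticsearch is used; the path, the tag and every field name (sensor, sid, src_ip and so on) are assumptions.

```logstash
# Added example. Path, tag and field names are assumptions, not the poster's config.
# Constructed sample line this is meant to match:
#   Nov  5 20:10:01 sensor1 snort[1234]: [1:1000001:1] Constructed test rule
#   [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80
# (one line in the real log; wrapped here for readability)
input {
  file {
    path => "/var/log/syslog"   # assumed location; change to your syslog file
    type => "syslog"
  }
}

filter {
  # Apply the Snort pattern only to lines that mention snort, so unrelated
  # syslog traffic is not tagged _grokparsefailure.
  if [type] == "syslog" and [message] =~ /snort/ {
    grok {
      # gid:sid:rev, rule message, classification, priority, protocol, endpoints.
      # Ports are optional because ICMP alerts carry none; the optional ":" after
      # the priority block tolerates both syslog alert layouts.
      match => [ "message", "%{SYSLOGTIMESTAMP:syslog_time} %{SYSLOGHOST:sensor} snort(?:\[%{POSINT:pid}\])?: \[%{INT:gid}:%{INT:sid}:%{INT:rev}\] %{DATA:signature} \[Classification: %{DATA:classification}\] \[Priority: %{INT:priority}\]:? \{%{DATA:proto}\} %{IP:src_ip}(?::%{INT:src_port})? -> %{IP:dst_ip}(?::%{INT:dst_port})?" ]
      add_tag => [ "snort_alert" ]
    }
    # Use the time Snort logged the alert as the event time, not the time
    # Logstash read the line. Syslog pads single-digit days with a space.
    date {
      match => [ "syslog_time", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  # Assumption: events go to the Elasticsearch instance embedded in the flatjar.
  elasticsearch { embedded => true }
}
```

Events that mention snort but do not match keep the _grokparsefailure tag, which makes it easy to find alert formats the pattern does not yet cover.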

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net