Re: [mod-security-users] Reading Concurrent Logs into Graylog
From: Robert P. <rpa...@fe...> - 2016-10-19 23:33:39
On Wed, Oct 19, 2016 at 4:06 PM, Jason Mull <jm...@te...> wrote:

> I think that might be the issue…I went ahead and enabled the multiline
> module in nxlog.conf and all of the info instantly started coming through.
> I’m assuming that the multiline module is adding the newline that GrayLog
> wants to see. Any thoughts on whether this setup could cause me any issues
> down the line?

Not sure about 'down the line', but tbh I think ModSecurity should write a trailing newline to concurrent logs. You could rebuild modsec with this patch:

https://patch-diff.githubusercontent.com/raw/SpiderLabs/ModSecurity/pull/1233.diff

Which will append newline to concurrent JSON logs. This seems like a saner solution than hoping other tooling in your stack is capable of handling data without newline delimitation.
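Added example, not part of the original message and not ModSecurity or nxlog code: a Python sketch that walks a concurrent audit log directory, re-emits each complete JSON event as one newline-terminated line for a line-oriented shipper, reports files that lack the trailing newline, and skips files whose JSON is incomplete. The directory layout, file names and JSON fields are constructed sample data, not ModSecurity's real schema.

```python
import json
import os
import tempfile

def read_event(path):
    """Return (event, had_newline); event is None if the JSON is incomplete."""
    with open(path, "rb") as fh:
        raw = fh.read()
    try:
        event = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None, False          # empty or partially written file
    return event, raw.endswith(b"\n")

def to_ndjson(root):
    """Walk root; return (ndjson_lines, files_without_newline, skipped_files)."""
    lines, unterminated, skipped = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()             # deterministic traversal order
        for name in sorted(filenames):
            event, had_newline = read_event(os.path.join(dirpath, name))
            if event is None:
                skipped.append(name)
                continue
            if not had_newline:
                unterminated.append(name)
            # Always emit exactly one event per newline-terminated line.
            lines.append(json.dumps(event, separators=(",", ":")) + "\n")
    return lines, unterminated, skipped

def demo():
    # Constructed sample files (hypothetical names and fields).
    samples = {
        "20161019-160601-a": b'{"transaction":{"id":"a"}}',    # no trailing newline
        "20161019-160602-b": b'{"transaction":{"id":"b"}}\n',  # newline present
        "20161019-160603-c": b'{"transaction":{"id":',         # partial write
    }
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "20161019", "20161019-1606")
        os.makedirs(sub)
        for name, body in samples.items():
            with open(os.path.join(sub, name), "wb") as fh:
                fh.write(body)
        return to_ndjson(root)

if __name__ == "__main__":
    lines, unterminated, skipped = demo()
    print("".join(lines), end="")
    print("missing newline:", unterminated)
    print("skipped (incomplete JSON):", skipped)
```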