Re: [mod-security-users] Modsec logs integration with ELK
From: Felipe C. <FC...@tr...> - 2017-11-09 12:39:17
Hi,

In addition to the JSON logging, you may also need something to import those into your logstash, there is a project about it on GitHub - https://github.com/bitsofinfo/logstash-modsecurity

Br.,
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

________________________________
From: Robert Paprocki <rpa...@fe...>
Sent: Thursday, November 9, 2017 1:24:52 AM
To: mod...@li...
Subject: Re: [mod-security-users] Modsec logs integration with ELK

Yes, modsec logs can be written as JSON. This functionality was written specifically with the goal of making audit log data machine parsable. The configuration to enable this is available via the reference docs.

> On Nov 8, 2017, at 19:12, Blason R <bla...@gm...> wrote:
>
> Hi Guys,
>
> Are there any parsers available for modsec logs to integrate with ELK? I mean do we have logstash parsers?
>
> Or if not, can modsec logs be in JSON format?
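
The JSON audit logging mentioned in the thread, shown as an added configuration example that is not part of the original messages. It assumes ModSecurity 2.9.1 or later built with YAJL support; the log path is a placeholder, and the parts and status filter are illustrative choices.

```apache
# Log only transactions that triggered a rule or match the status filter,
# which keeps the volume shipped to Logstash manageable.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"

# Emit each audit record as JSON instead of the native multi-section format.
SecAuditLogFormat JSON

# Serial mode appends every transaction to one file, which a log shipper can tail.
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.json

# Sections to include: A = audit header, B = request headers, C = request body,
# F = response headers, H = audit trailer (rule messages), Z = end marker.
# Part C can contain credentials and other sensitive request data; drop it
# if the log store is not access-controlled to the same level as the application.
SecAuditLogParts ABCFHZ
```

Because the records are already JSON, a log shipper can decode them directly rather than relying on multiline grok patterns written for the native format.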