Re: [mod-security-users] Modsec logs integration with ELK
From: Blason R <bla...@gm...> - 2017-11-09 16:39:06
I have not gone through the entire article but quickly wanted to know if I need to change the logging to JSON to make those parsable or use those logstash configs?

On Thu, Nov 9, 2017 at 6:09 PM, Felipe Costa <FC...@tr...> wrote:

> Hi,
>
> In addition to the JSON logging, you may also need something to import
> those into your logstash, there is a project about it on GitHub -
>
> https://github.com/bitsofinfo/logstash-modsecurity
>
> Br.,
>
> Felipe “Zimmerle” Costa
> Security Researcher, Lead Developer ModSecurity.
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> ------------------------------
> From: Robert Paprocki <rpa...@fe...>
> Sent: Thursday, November 9, 2017 1:24:52 AM
> To: mod...@li...
> Subject: Re: [mod-security-users] Modsec logs integration with ELK
>
> Yes, modsec logs can be written as JSON. This functionality was written
> specifically with the goal of making audit log data machine parsable.
> The configuration to enable this is available via the reference docs.
>
> > On Nov 8, 2017, at 19:12, Blason R <bla...@gm...> wrote:
> >
> > Hi Guys,
> >
> > Are there any parsers available for modsec logs to integrate with ELK? I
> > mean do we have logstash parsers?
> >
> > Or if not, can modsec logs be in json format?
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/