I'm interested in ingesting the mod-security audit log (generated by modsecurity 2.9.x) into elasticsearch or other system. However, parsing the audit log format looks like it will require a substantial amount of work. I was hoping that someone might have solved this problem, and that I could reuse an existing solution.
I've spent a while googling, trying to find what existing solutions exist.
The only thing I've managed to find are a couple of blog posts with github links from several years ago:
https://github.com/bitsofinfo/logstash-modsecurity
https://github.com/bitsofinfo/fluentd-modsecurity
Before I dive too far down this rabbit hole, I was wondering if anyone else out there in the community had a solution for this, and if so whether they would be willing to share their high-level approach and/or any implementation details.
Thanks,
Paul
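The post asks about parsing the ModSecurity 2.9 audit log format for Elasticsearch ingestion. Below is an added, stand-alone example of such a parser (not code from the original post, the ModSecurity project, or either linked repository). It handles the Serial audit log (`SecAuditLogType Serial`): each transaction is bracketed by boundary lines of the form `--<token>-<PART>--`, where part A is the audit header, B the request headers, F the response headers, H the trailer carrying the rule messages, and Z the end marker. The parser turns each transaction into a flat dict, extracting the rule id, msg, severity and tags from every `Message:` line and converting the part A timestamp to ISO 8601 for an `@timestamp` field. The sample log embedded at the bottom is constructed for illustration: the addresses, unique ids, boundary tokens and the rule id `100001` are made up and do not refer to any real rule or host.

```python
"""ModSecurity 2.x serial audit log parser. Added example, not code from the original
post or the ModSecurity project. Parts: A audit header, B request headers, F response
headers, H trailer with rule messages, Z end of entry (C/E bodies are kept raw)."""
import re
from datetime import datetime

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
# Part A layout: [timestamp] unique_id client_ip client_port server_ip server_port
PART_A = re.compile(r"^\[(?P<timestamp>[^\]]+)\]\s+(?P<unique_id>\S+)\s+(?P<client_ip>\S+)\s+"
                    r"(?P<client_port>\d+)\s+(?P<server_ip>\S+)\s+(?P<server_port>\d+)$")
KV = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "100001"] [msg "..."] [tag "..."]

def split_transactions(text):
    """Yield (boundary_token, {part: [lines]}); an A boundary opens a new entry."""
    token, parts, current = None, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m is None:
            if parts is not None and current is not None:
                parts[current].append(line)
            continue
        if m.group(2) == "A":
            if parts is not None:
                yield token, parts
            token, parts = m.group(1), {}
        elif parts is None or m.group(1) != token:
            current = None               # stray part from another entry: skip its body
            continue
        current = m.group(2)
        parts.setdefault(current, [])
    if parts is not None:
        yield token, parts

def parse_headers(lines):
    """First non-blank line is the request or status line; the rest are headers."""
    lines = [line for line in lines if line.strip()]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return (lines[0] if lines else ""), headers

def parse_trailer(lines):
    """Part H: 'Message:' lines become rule hits; other 'Name: value' lines are kept."""
    messages, fields = [], {}
    for line in lines:
        if line.startswith("Message: "):
            body = line[len("Message: "):]
            pairs = KV.findall(body)
            hit = {k: v for k, v in pairs if k != "tag"}
            hit["tags"] = [v for k, v in pairs if k == "tag"]   # [tag ...] may repeat
            messages.append(hit)
        elif ": " in line:
            name, value = line.split(": ", 1)
            fields[name.lower()] = value
    return messages, fields

def parse_audit_log(text):
    """Flatten the raw serial log into one JSON-ready dict per transaction."""
    events = []
    for token, parts in split_transactions(text):
        event = {"boundary": token, "messages": []}
        a_lines = [line for line in parts.get("A", []) if line.strip()]
        m = PART_A.match(a_lines[0]) if a_lines else None
        if m:
            event.update(m.groupdict())
            event["@timestamp"] = datetime.strptime(     # ISO 8601 for Elasticsearch
                event["timestamp"], "%d/%b/%Y:%H:%M:%S %z").isoformat()
        if "B" in parts:
            event["request_line"], event["request_headers"] = parse_headers(parts["B"])
        if "F" in parts:
            event["status_line"], event["response_headers"] = parse_headers(parts["F"])
            status = event["status_line"].split()
            if len(status) > 1 and status[1].isdigit():
                event["status"] = int(status[1])
        if "H" in parts:
            event["messages"], event["audit"] = parse_trailer(parts["H"])
        events.append(event)
    return events

# Constructed sample, not a real server's log: one blocked request, one allowed.
SAMPLE = """--1a2b3c4d-A--
[19/Oct/2019:10:15:32 +0000] XarRS8CoAS8AAHLQAAAAAA 203.0.113.7 54321 192.0.2.10 80
--1a2b3c4d-B--
GET /index.php?id=1%27%20UNION%20SELECT HTTP/1.1
Host: www.example.com

--1a2b3c4d-F--
HTTP/1.1 403 Forbidden
Content-Type: text/html

--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). Pattern match "union" at ARGS:id. [file "/etc/modsecurity/local.conf"] [line "12"] [id "100001"] [msg "Constructed SQLi test rule"] [severity "CRITICAL"] [tag "example/sqli"] [tag "example/test"]
Engine-Mode: "ENABLED"

--1a2b3c4d-Z--
--5e6f7a8b-A--
[19/Oct/2019:10:15:40 +0000] XarRUMCoAS8AAHLRAAAAAB 203.0.113.8 40022 192.0.2.10 80
--5e6f7a8b-F--
HTTP/1.1 200 OK

--5e6f7a8b-Z--
"""
```

`json.dumps(event)` for each dict in `parse_audit_log(open(path).read())` yields one document per line, which is what the Elasticsearch bulk API or a Filebeat/Logstash JSON input expects. Two caveats worth knowing before building on this: the boundary token is what ties the parts of one entry together (the parser ignores parts whose token does not match the open entry), and the `unique_id` from part A is the same value ModSecurity writes into the Apache error log, so it is the key to keep for correlation. If the server uses `SecAuditLogType Concurrent` instead, each transaction lands in its own file under `SecAuditLogStorageDir` with the same part layout, so the same parser applies per file.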