<p dir="ltr">Hi,</p>
<p dir="ltr">Thank you for the heads up! It's a very interesting project. I wonder how these could be implemented as parsers inside syslog-ng. That way there is no need to feed back results using UDP.</p>
<p dir="ltr">Also, if you use syslog-ng, there is no need for a separate Elasticsearch, etc. outputs implemented in ETPLC, as these can be handled by syslog-ng.</p>
<p dir="ltr">I plan to check it, once I have my main computer back from repair...</p>
<p dir="ltr">Bye,</p>
<p dir="ltr">Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com">peter.czanik@balabit.com</a>><br>
Balabit / syslog-ng upstream<br>
<a href="http://czanik.blogs.balabit.com/">http://czanik.blogs.balabit.com/</a><br>
<a href="https://twitter.com/PCzanik">https://twitter.com/PCzanik</a></p>
<div class="gmail_quote">On Jul 13, 2016 12:16 AM, "rmkml" <<a href="mailto:rmkml@ligfy.org">rmkml@ligfy.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
I am pround to announce the new <a href="http://etplc.org" rel="noreferrer" target="_blank">http://etplc.org</a> open source project<br>
update with Syslog-NG for checking more than 9000 Threats on your<br>
webserver/proxy logs!<br>
<br>
It's a open source project, all feedbacks / informations are welcome.<br>
<br>
Easy to use since 3 years ago ;)<br>
<br>
1) add ETPLC on your Syslog-NG configuration like that:<br>
(of course check before perl+etplc PATH and source/filter/destination configurations...)<br>
<br>
destination d_prog { program("/usr/bin/perl /var/tmp/<a href="http://etplc_12jul2016a.pl" rel="noreferrer" target="_blank">etplc_12jul2016a.pl</a> -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"); };<br>
log { source(s_src); destination(d_prog); };<br>
<br>
2) ETPLC send alert to localhost:514/udp with "-s" option<br>
<br>
3) See All options with "-h"<br>
<br>
4) Already supported format is Squid, Apache, Nginx, ForeFront, BlueCoat, McAfee Web Gateway, IIS logs...<br>
<br>
5) ETPLC exist on Perl and Python versions<br>
<br>
ETPLC available on:<br>
-main <a href="http://etplc.org" rel="noreferrer" target="_blank">http://etplc.org</a><br>
-<a href="http://sourceforge.net/projects/etplc/" rel="noreferrer" target="_blank">http://sourceforge.net/projects/etplc/</a><br>
-<a href="https://github.com/rmkml/etplc" rel="noreferrer" target="_blank">https://github.com/rmkml/etplc</a><br>
-<a href="https://hub.docker.com/r/rmkml/etplc/" rel="noreferrer" target="_blank">https://hub.docker.com/r/rmkml/etplc/</a><br>
-<a href="http://twitter.com/rmkml" rel="noreferrer" target="_blank">http://twitter.com/rmkml</a><br>
<br>
Special THX to InfoSec community and @EmergingThreats team!<br>
<br>
Best Regards<br>
@Rmkml<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote></div>