Hi,

It seems that by default, osquery logs JSON messages into a file (https://osquery.readthedocs.io/en/latest/deployment/logging/). You can use this file in a syslog-ng source, and parse the JSON messages with the json parser (note that you need a recent syslog-ng OSE for this), see https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-o... .

The above Osquery page mentions that it can send log messages directly to syslog (instead of a file), but I haven't found how you can actually configure it.

Regards,
Robert

On Fri, Apr 14, 2017 at 9:46 PM, Dwijadas Dey <dwijad@gmail.com> wrote:
Hi List users,

Is it possible to send OSQUERY logs to syslog-ng 3.5? In the OSQUERY docs <https://osquery.readthedocs.io/en/latest/deployment/syslog/> rsyslog is configured to write logs to syslog. Does the same method apply to syslog-ng 3.5?

Thanks and regards
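The file-source-plus-JSON-parser approach described in the reply, written out as a syslog-ng configuration fragment. This is an added example, not part of the original thread. It assumes osquery's filesystem logger writes to its default directory `/var/log/osquery`, that syslog-ng was built with JSON support, and the object names (`s_osquery`, `p_osquery_json`, `d_osquery`) and the output path are constructed for illustration.

```conf
# Added to an existing syslog-ng.conf (fragment, no @version line).

# Read osquery's results log. Each line is one JSON document, not a
# syslog-formatted message, so header parsing is switched off and the
# whole line ends up in ${MESSAGE}.
source s_osquery {
    file("/var/log/osquery/osqueryd.results.log"   # assumed default path
        flags(no-parse)
        program-override("osquery")
        follow-freq(1)
    );
};

# Turn the JSON keys into name-value pairs under a dedicated prefix so
# fields from the log cannot overwrite syslog-ng's own macros
# (HOST, PROGRAM, ...). Nested keys are flattened with dots, e.g.
# ${.osquery.columns.path}.
parser p_osquery_json {
    json-parser(prefix(".osquery."));
};

# Constructed destination: one line per result with the fields most
# useful for triage, followed by the untouched JSON for later analysis.
destination d_osquery {
    file("/var/log/osquery-parsed.log"
        template("${ISODATE} host=${.osquery.hostIdentifier} query=${.osquery.name} action=${.osquery.action} raw=${MESSAGE}\n")
    );
};

log {
    source(s_osquery);
    parser(p_osquery_json);
    destination(d_osquery);
};
```

The syslog-ng process needs read access to the osquery log directory, and the prefix keeps attacker-influenced JSON keys in the results from colliding with built-in macro names.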