Hi,
Thank you for the heads up! It's a very interesting project. I wonder how these could be implemented as parsers inside syslog-ng. That way there is no need to feed back results using UDP.
Also, if you use syslog-ng, there is no need for a separate Elasticsearch, etc. outputs implemented in ETPLC, as these can be handled by syslog-ng.
I plan to check it, once I have my main computer back from repair...
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
Hello,
I am pround to announce the new http://etplc.org open source project
update with Syslog-NG for checking more than 9000 Threats on your
webserver/proxy logs!
It's a open source project, all feedbacks / informations are welcome.
Easy to use since 3 years ago ;)
1) add ETPLC on your Syslog-NG configuration like that:
(of course check before perl+etplc PATH and source/filter/destination configurations...)
destination d_prog { program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"); };
log { source(s_src); destination(d_prog); };
2) ETPLC send alert to localhost:514/udp with "-s" option
3) See All options with "-h"
4) Already supported format is Squid, Apache, Nginx, ForeFront, BlueCoat, McAfee Web Gateway, IIS logs...
5) ETPLC exist on Perl and Python versions
ETPLC available on:
-main http://etplc.org
-http://sourceforge.net/projects/etplc/
-https://github.com/rmkml/etplc
-https://hub.docker.com/r/rmkml/etplc/
-http://twitter.com/rmkml
Special THX to InfoSec community and @EmergingThreats team!
Best Regards
@Rmkml
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq