New ETPLC project with Syslog-NG for checking >9000 Threats on your logs!
Hello,

I am proud to announce the new http://etplc.org open source project update with Syslog-NG for checking more than 9000 Threats on your webserver/proxy logs!

It's an open source project; all feedback / information is welcome.

Easy to use for 3 years now ;)

1) Add ETPLC to your Syslog-NG configuration like this (of course, check the perl+etplc PATH and your source/filter/destination configurations first...):

   destination d_prog {
       program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s");
   };
   log { source(s_src); destination(d_prog); };

2) ETPLC sends alerts to localhost:514/udp with the "-s" option
3) See all options with "-h"
4) Already supported formats are Squid, Apache, Nginx, ForeFront, BlueCoat, McAfee Web Gateway, IIS logs...
5) ETPLC exists in Perl and Python versions

ETPLC is available on:
- main: http://etplc.org
- http://sourceforge.net/projects/etplc/
- https://github.com/rmkml/etplc
- https://hub.docker.com/r/rmkml/etplc/
- http://twitter.com/rmkml

Special THX to the InfoSec community and the @EmergingThreats team!

Best Regards
@Rmkml
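To make the pipeline in the post concrete, here is an added example (not ETPLC's code, and not the Emerging Threats rule set): a small Python stand-in for the program() child. syslog-ng's program() destination writes each message to the child's stdin; the script parses Apache/Nginx combined and Squid native lines, matches the request URI against a Snort-style rule subset (msg, content, nocase, pcre, sid) and emits an RFC 3164 alert to 127.0.0.1:514/udp, which is what the "-s" option above describes. The two rules, the four log lines, the `etplc-demo` tag and the local4/warning priority are all constructed for the example.

```python
#!/usr/bin/env python3
"""Constructed stand-in for a syslog-ng program() destination that matches
web-server log lines against Snort-style rules and raises syslog alerts.
Not ETPLC's code; rules and log lines below are made up for the example."""
import re
import socket
import sys
import time
from dataclasses import dataclass, field

# Apache/Nginx "combined" format: client - user [ts] "METHOD URI PROTO" status ...
_COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)
# Squid native access.log: ts elapsed client result/status bytes METHOD URL ...
_SQUID = re.compile(
    r'^\d+\.\d+\s+\d+\s+(?P<ip>\S+)\s+\S+\s+\d+\s+(?P<method>[A-Z]+)\s+(?P<uri>\S+)'
)


def parse_line(line):
    """Return (client_ip, method, uri), or None if the line is neither format."""
    for rx in (_COMBINED, _SQUID):
        m = rx.match(line)
        if m:
            return m.group("ip"), m.group("method"), m.group("uri")
    return None


@dataclass
class Rule:
    sid: int = 0
    msg: str = ""
    contents: list = field(default_factory=list)  # [[bytes, nocase], ...]
    pcre: "re.Pattern | None" = None


# One rule option: keyword, optional quoted or bare value, terminating ';'
_OPT = re.compile(r'(\w+)(?:\s*:\s*("(?:[^"\\]|\\.)*"|[^;"]*))?\s*;')


def _content_bytes(text):
    """Turn a Snort content string, including |hex| segments, into bytes."""
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return out


def parse_rule(line):
    """Parse the option block of one rule; the header and unknown keywords are ignored."""
    body = line[line.index("(") + 1 : line.rindex(")")]
    rule = Rule()
    for key, raw in _OPT.findall(body):
        val = raw[1:-1] if raw.startswith('"') else raw
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([_content_bytes(val), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True  # nocase modifies the preceding content
        elif key == "pcre":
            pat, _, flags = val[1:].rpartition("/")  # Snort form: "/regex/flags"
            rule.pcre = re.compile(pat.encode("latin-1"), re.I if "i" in flags else 0)
    return rule


def load_rules(text):
    """Parse every line that starts with 'alert'; comments and blanks are skipped."""
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("alert")]


def rule_matches(rule, uri):
    """Every content: must be present in the URI (AND), then pcre: if the rule has one."""
    hay = uri.encode("latin-1", "replace")
    for needle, nocase in rule.contents:
        found = needle.lower() in hay.lower() if nocase else needle in hay
        if not found:
            return False
    return rule.pcre is None or rule.pcre.search(hay) is not None


def scan(lines, rules):
    """Return [(rule, client_ip, uri)] for each rule that fires on each parseable line."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unknown format: skip the line rather than crash the child
        ip, _, uri = parsed
        hits.extend((r, ip, uri) for r in rules if rule_matches(r, uri))
    return hits


def format_alert(rule, ip, uri, ts=None, tag="etplc-demo"):
    """RFC 3164 datagram, facility local4 (20) and severity warning (4): PRI = 20*8+4."""
    stamp = time.strftime("%b %d %H:%M:%S", time.localtime(ts))
    return f'<164>{stamp} localhost {tag}: sid={rule.sid} msg="{rule.msg}" src={ip} uri={uri}'.encode()


def send_alert(datagram, host="127.0.0.1", port=514):
    """Deliver one alert to the local syslog UDP listener (the "-s" behaviour)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (host, port))


# Constructed rules in Snort syntax (not from the Emerging Threats set).
DEMO_RULES = r'''
# demo.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"DEMO Directory traversal in URI"; content:"../"; pcre:"/(\.\.\/){2,}/"; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"DEMO Webshell cmd.php requested"; content:"cmd.php"; nocase; sid:9000002; rev:1;)
'''

# Constructed log lines: Apache combined, Squid native, a benign request, junk.
DEMO_LOGS = [
    '203.0.113.5 - - [12/Jul/2016:10:00:01 +0200] "GET /images/../../../etc/passwd HTTP/1.1" 404 209 "-" "curl/7.47.0"',
    "1468310401.123    120 10.0.0.7 TCP_MISS/200 1532 GET http://example.com/uploads/CMD.PHP?x=id - HIER_DIRECT/93.184.216.34 text/html",
    '203.0.113.5 - - [12/Jul/2016:10:00:02 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    "garbage that is not a web log line",
]

if __name__ == "__main__":
    # Usage as a syslog-ng program() child:  demo_matcher.py /path/to/demo.rules
    rules = load_rules(open(sys.argv[1], encoding="latin-1").read()) if len(sys.argv) > 1 else load_rules(DEMO_RULES)
    for rule, ip, uri in scan(sys.stdin if len(sys.argv) > 1 else DEMO_LOGS, rules):
        print(format_alert(rule, ip, uri).decode())  # replace with send_alert(...) in production
```

Two things to check before wiring a script like this into program(): the child runs with syslog-ng's own privileges, so the script and rules should not live in a world-writable directory such as /var/tmp, where any local user could swap them; and if s_src also reads the 514/udp socket that the alerts are sent to, each alert is fed straight back into the matcher, so the alert source needs its own log path or a filter.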
Hi,

Thank you for the heads up! It's a very interesting project. I wonder how these could be implemented as parsers inside syslog-ng. That way there is no need to feed back results using UDP. Also, if you use syslog-ng, there is no need for the separate Elasticsearch, etc. outputs implemented in ETPLC, as these can be handled by syslog-ng.

I plan to check it once I have my main computer back from repair...

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

On Jul 13, 2016 12:16 AM, "rmkml" <rmkml@ligfy.org> wrote:
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq