[syslog-ng] New ETPLC project with Syslog-NG for checking >9000 Threats on your logs!

rmkml rmkml at ligfy.org
Wed Jul 13 00:16:22 CEST 2016


Hello,

I am pround to announce the new http://etplc.org open source project
update with Syslog-NG for checking more than 9000 Threats on your
webserver/proxy logs!

It's a open source project, all feedbacks / informations are welcome.

Easy to use since 3 years ago ;)

1) add ETPLC on your Syslog-NG configuration like that:
(of course check before perl+etplc PATH and source/filter/destination configurations...)

destination d_prog { program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"); };
log { source(s_src); destination(d_prog); };

2) ETPLC send alert to localhost:514/udp with "-s" option

3) See All options with "-h"

4) Already supported format is Squid, Apache, Nginx, ForeFront, BlueCoat, McAfee Web Gateway, IIS logs...

5) ETPLC exist on Perl and Python versions

ETPLC available on:
  -main http://etplc.org
  -http://sourceforge.net/projects/etplc/
  -https://github.com/rmkml/etplc
  -https://hub.docker.com/r/rmkml/etplc/
  -http://twitter.com/rmkml

Special THX to InfoSec community and @EmergingThreats team!

Best Regards
@Rmkml


More information about the syslog-ng mailing list