[syslog-ng] New ETPLC project with Syslog-NG for checking >9000 Threats on your logs!
rmkml
rmkml at ligfy.org
Wed Jul 13 00:16:22 CEST 2016
Hello,
I am proud to announce the new http://etplc.org open source project
update with Syslog-NG for checking more than 9000 Threats on your
webserver/proxy logs!
It's an open source project, all feedback / information is welcome.
Easy to use for 3 years now ;)
1) add ETPLC to your Syslog-NG configuration like this:
(of course, check the perl+etplc PATH and source/filter/destination configurations first...)
destination d_prog { program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"); };
log { source(s_src); destination(d_prog); };
2) ETPLC sends alerts to localhost:514/udp with the "-s" option
3) See all options with "-h"
4) Already supported formats are Squid, Apache, Nginx, ForeFront, BlueCoat, McAfee Web Gateway, IIS logs...
5) ETPLC exists in Perl and Python versions
ETPLC available on:
- main: http://etplc.org
- http://sourceforge.net/projects/etplc/
- https://github.com/rmkml/etplc
- https://hub.docker.com/r/rmkml/etplc/
- http://twitter.com/rmkml
Special THX to the InfoSec community and the @EmergingThreats team!
Best Regards
@Rmkml
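A fuller syslog-ng configuration around the program() destination quoted in the post, as an added example (not code from the post or from the ETPLC project). The access-log path, the alert log path and the UDP capture source are assumptions; the ETPLC command line and its -f/-s options are the ones given above.

```conf
@version: 3.7
# Adjust the version line to the syslog-ng release you run.

# Raw access-log lines from the web server (path is an assumption).
# no-parse keeps the whole line in ${MESSAGE} instead of splitting it
# into syslog header fields.
source s_web {
    file("/var/log/apache2/access.log" follow-freq(1) flags(no-parse));
};

# Pipe each line to ETPLC. The template() hands the original log line
# to the script unchanged, so ETPLC sees the Apache/Squid format it
# parses rather than a syslog-reformatted copy.
destination d_etplc {
    program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"
            template("${MESSAGE}\n"));
};

log { source(s_web); destination(d_etplc); };

# With -s, ETPLC emits its alerts to localhost:514/udp; collect them
# here and write them to their own file (path is an assumption).
source s_etplc_alerts {
    network(ip("127.0.0.1") port(514) transport("udp"));
};

destination d_alerts {
    file("/var/log/etplc_alerts.log");
};

log { source(s_etplc_alerts); destination(d_alerts); };
```

Run `syslog-ng --syntax-only` before reloading, and make sure nothing else on the host already binds UDP 514 or the alert source will fail to start.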