[syslog-ng] New ETPLC project with Syslog-NG for checking >9000 Threats on your logs!
Czanik, Péter
peter.czanik at balabit.com
Wed Jul 13 10:30:03 CEST 2016
Hi,
Thank you for the heads up! It's a very interesting project. I wonder how
these could be implemented as parsers inside syslog-ng. That way there would be
no need to feed back results using UDP.
Also, if you use syslog-ng, there is no need for the separate Elasticsearch,
etc. outputs implemented in ETPLC, as these can be handled by syslog-ng.
I plan to check it, once I have my main computer back from repair...
Bye,
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
On Jul 13, 2016 12:16 AM, "rmkml" <rmkml at ligfy.org> wrote:
> Hello,
>
> I am proud to announce the new http://etplc.org open source project
> update with Syslog-NG for checking more than 9000 Threats on your
> webserver/proxy logs!
>
> It's an open source project; all feedback / information is welcome.
>
> Easy to use since 3 years ago ;)
>
> 1) add ETPLC on your Syslog-NG configuration like that:
> (of course check before perl+etplc PATH and source/filter/destination
> configurations...)
>
> destination d_prog { program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s"); };
> log { source(s_src); destination(d_prog); };
>
> 2) ETPLC sends alerts to localhost:514/udp with the "-s" option
>
> 3) See all options with "-h"
>
> 4) Already supported formats are Squid, Apache, Nginx, ForeFront, BlueCoat,
> McAfee Web Gateway, IIS logs...
>
> 5) ETPLC exists in Perl and Python versions
>
> ETPLC is available on:
> -main http://etplc.org
> -http://sourceforge.net/projects/etplc/
> -https://github.com/rmkml/etplc
> -https://hub.docker.com/r/rmkml/etplc/
> -http://twitter.com/rmkml
>
> Special THX to InfoSec community and @EmergingThreats team!
>
> Best Regards
> @Rmkml
>
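The steps in the announcement above, put together into one complete syslog-ng configuration as an added example (this is not part of the original post and not the ETPLC project's own config). It assumes a Squid access log at /var/log/squid/access.log, a syslog-ng 3.7 installation, and an alert file at /var/log/etplc_alerts.log; the ETPLC script and rules paths are the ones from the announcement. The second source receives the alerts that ETPLC sends back to localhost:514/udp with "-s" and writes them to a file, so they can be picked up by whatever consumes alerts on the host.

```conf
@version: 3.7

# Webserver/proxy log to be checked (assumed path). flags(no-parse) keeps the
# raw access-log line in ${MSG} instead of trying to parse it as syslog.
source s_src {
    file("/var/log/squid/access.log" follow-freq(1) flags(no-parse));
};

# Step 1 from the announcement: pipe every log line into ETPLC on stdin.
# program() writes lines using its default template; if ETPLC needs the bare
# log line without date/host prefix, add template("${MSG}\n") here.
destination d_prog {
    program("/usr/bin/perl /var/tmp/etplc_12jul2016a.pl -f /var/tmp/emergingall_sigs11jul2016a_snort290b.rules -s");
};

# Step 2: ETPLC ("-s" option) sends its alerts to localhost:514/udp.
# Listen only on the loopback address so nothing else can inject alerts.
source s_etplc_alerts {
    network(ip("127.0.0.1") port(514) transport("udp"));
};

# Assumed alert file; any other syslog-ng destination (elasticsearch,
# another syslog server, ...) could be used here instead.
destination d_alerts {
    file("/var/log/etplc_alerts.log");
};

# Keep the two paths separate: logs go to ETPLC, alerts go to the alert file.
log { source(s_src); destination(d_prog); };
log { source(s_etplc_alerts); destination(d_alerts); };
```

The one thing to check before enabling this is that s_etplc_alerts is never routed into d_prog. If the same source that feeds ETPLC also listens on 514/udp, every alert ETPLC emits is fed straight back into ETPLC, which is an easy way to create a message loop and fill the alert file. Run `syslog-ng --syntax-only` after editing to catch typos before restarting the daemon.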