[syslog-ng] Syslog-ng and OSQUERY

Fekete, Róbert robert.fekete at balabit.com
Mon Apr 17 12:54:50 UTC 2017


Hi,

It seems that by default, osquery logs JSON messages into a file
( https://osquery.readthedocs.io/en/latest/deployment/logging/ ).
You can use this file in a syslog-ng source, and parse the JSON messages
with the json parser (note that you need a recent syslog-ng OSE for this), see
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/json-parser.html


The above Osquery page mentions that it can send log messages directly to
syslog (instead of a file), but I haven't found how you can actually
configure it.

Regards,

Robert

On Fri, Apr 14, 2017 at 9:46 PM, Dwijadas Dey <dwijad at gmail.com> wrote:

> Hi List users,
>     Is it possible to send OSQUERY logs to syslog-ng 3.5? In the OSQUERY docs
> <https://osquery.readthedocs.io/en/latest/deployment/syslog/> rsyslog is
> configured to write logs to syslog. Does the same method apply to
> syslog-ng 3.5?
>
> Thanks and regards
>
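A minimal syslog-ng OSE configuration for the file-plus-json-parser approach described above, added here as an example and not part of the original mail. It assumes osquery's default results log path (/var/log/osquery/osqueryd.results.log), an OSE release new enough to ship json-parser() (here written as @version: 3.8), and osquery's documented result-log fields (name, action, hostIdentifier, columns).

```conf
@version: 3.8
@include "scl.conf"

# Tail osquery's result log (assumed default path). flags(no-parse) keeps
# each raw JSON line as ${MESSAGE} instead of treating it as a syslog record.
source s_osquery {
    file("/var/log/osquery/osqueryd.results.log"
         flags(no-parse)
         follow-freq(1));
};

# Turn each JSON object into name-value pairs under the ".osquery." prefix.
# A constructed sample line such as
#   {"name":"processes","hostIdentifier":"host1","action":"added",
#    "columns":{"pid":"1234","name":"sshd"}}
# yields ${.osquery.name}, ${.osquery.hostIdentifier}, ${.osquery.action},
# ${.osquery.columns.pid} and ${.osquery.columns.name}.
# A line that is not valid JSON fails the parser and does not continue
# down this log path, so keep the raw file if you need every line.
parser p_osquery_json {
    json-parser(prefix(".osquery."));
};

# Write a flat, grep-friendly line with the fields a triage analyst reads
# first; query-specific columns are available as ${.osquery.columns.<field>}.
destination d_osquery {
    file("/var/log/osquery-parsed.log"
         template("${ISODATE} ${HOST} osquery query=${.osquery.name} action=${.osquery.action} host=${.osquery.hostIdentifier}\n"));
};

log {
    source(s_osquery);
    parser(p_osquery_json);
    destination(d_osquery);
};
```

Swap d_osquery for a network() or syslog() destination to forward the parsed events to a central collector instead of a local file.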