[syslog-ng] eStreamer src Integration

Balazs Scheidler bazsi77 at gmail.com
Tue Aug 1 06:14:19 UTC 2017


Even if it's an external script it might be good enough to convert it to an
SCL to make it look like a syslog-ng source. That way, it might even be
integrated into syslog-ng.



On Jul 30, 2017 22:29, "Scot" <scotrn at gmail.com> wrote:

> I agree on the client part, Cisco products do support sending event data
> off in syslog or SNMP trap format but in limited detail.
>
> Now that I have had more time to play with it, it looks like the best
> method would be to use an eStreamer client to pull data and reformat it as an
> input to syslog-ng.  May seem like I am pushing a square peg into a round
> hole but I like using syslog-ng as a single platform for aggregating and
> routing our data streams.
>
> As you probably know syslog-ng isn't limited to syslog data. Like the JSON
> stream solution for Elastic.co beats posted earlier I think I should be
> able to use one of the open source eStreamer clients to convert the NV pairs
> into a JSON input for syslog-ng.
>
> Working with the Splunk eStreamer client written by Cisco in Perl but
> there are also a few older clients on GitHub.
>
>
>
>
>
>
> On Sun, Jul 30, 2017 at 4:04 PM, Scheidler, Balázs <
> balazs.scheidler at balabit.com> wrote:
>
>> Hi,
>>
>> I have quickly checked out this document: http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationGuide/Protocol.html
>>
>> It seems that it is a protocol that is completely independent of syslog.
>> The connection is established in a reverse direction (e.g. the node that
>> wants to get logs has to establish the connection), then it needs to
>> specify the kind of messages it is interested in and then receive the
>> messages on the same connection.
>>
>> This probably requires a dedicated source driver in syslog-ng. I think
>> the various language bindings would not support this, so it has to be
>> written in C. Alternatively you can write a program that polls these
>> messages and writes them to stdout, which then can be processed by
>> syslog-ng.
>>
>> --
>> Bazsi
>>
>> On Fri, Jul 28, 2017 at 9:08 PM, Scot <scotrn at gmail.com> wrote:
>>
>>> Has anyone looked at sending Cisco eStreamer events to syslog-ng ?
>>>
>>> We have a couple Cisco Firepower management centers and I would rather
>>> use syslog-ng over sending directly to splunk so that we may use other
>>> integrations like elastic and our NMS.
>>>
>>> I have the eStreamer SDK on my syslog-ng server and wondered if anyone
>>> else has worked on this. Search of the user archive says no.
>>>
>>>
>>> Thanks
>>> Scot
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>
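An added example, not code from either poster and not part of syslog-ng itself: a minimal SCL block that wraps an external eStreamer client the way suggested above (a program that does the pull and writes events to stdout, wrapped so it looks like a native source). It assumes a hypothetical client at /opt/estreamer/client.pl that prints one JSON object per event per line; the block name, parameter names, paths and the @version line are placeholders to adjust for the installation.

```conf
@version: 3.10   # set to the installed syslog-ng version

# Hypothetical SCL block: wraps an external eStreamer client so it can be used
# like a built-in source driver. Assumption: the client (placeholder path)
# pulls events over eStreamer and prints one JSON object per line to stdout.
# flags(no-parse) keeps each line whole in $MESSAGE instead of trying to
# parse it as a syslog header.
block source estreamer(client("/opt/estreamer/client.pl")
                       key_prefix(".estreamer.")) {
    channel {
        source {
            program("`client`" flags(no-parse));
        };
        parser {
            # The event's NV pairs become syslog-ng name-value pairs under the
            # prefix (e.g. .estreamer.event_type), usable in filters/rewrites.
            json-parser(prefix("`key_prefix`"));
        };
    };
};

# Used like any other source driver; the block's defaults can be overridden.
source s_estreamer {
    estreamer(client("/opt/estreamer/client.pl"));
};

# Re-emit the parsed pairs as JSON so downstream consumers (Elastic, Splunk,
# an NMS) get a uniform record no matter which eStreamer client produced it.
destination d_estreamer_json {
    file("/var/log/estreamer.json"
         template("$(format-json --key .estreamer.*)\n"));
};

log {
    source(s_estreamer);
    destination(d_estreamer_json);
};
```

Because the eStreamer connection is opened from the syslog-ng host towards the management center, the client program is the one holding the client certificate, so keep it readable only by the user syslog-ng runs as.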

