[syslog-ng] eStreamer src Integration

Scot scotrn at gmail.com
Sun Jul 30 20:29:53 UTC 2017


I agree on the client part. Cisco products do support sending event data
off in syslog or SNMP trap format, but in limited detail.

Now that I have had more time to play with it, it looks like the best method
would be to use an eStreamer client to pull data and reformat it as an input
to syslog-ng. It may seem like I am pushing a square peg into a round hole,
but I like using syslog-ng as a single platform for aggregating and routing
our data streams.

As you probably know, syslog-ng isn't limited to syslog data. Like the JSON
stream solution for Elastic.co Beats posted earlier, I think I should be
able to use one of the open source eStreamer clients to convert the NV pairs
into a JSON input for syslog-ng.

I am working with the Splunk eStreamer client written by Cisco in Perl, but
there are also a few older clients on GitHub.

On Sun, Jul 30, 2017 at 4:04 PM, Scheidler, Balázs <balazs.scheidler at balabit.com> wrote:

> Hi,
>
> I have quickly checked out this document: http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/estreamer/EventStreamerIntegrationGuide/Protocol.html
>
> It seems that it is a protocol that is completely independent of syslog.
> The connection is established in a reverse direction (e.g. the node that
> wants to get logs has to establish the connection), then it needs to
> specify the kind of messages it is interested in and then receive the
> messages on the same connection.
>
> This probably requires a dedicated source driver in syslog-ng. I think the
> various language bindings would not support this, so it has to be written
> in C. Alternatively you can write a program that polls these messages and
> writes them to stdout, which then can be processed by syslog-ng.
>
> --
> Bazsi
>
> On Fri, Jul 28, 2017 at 9:08 PM, Scot <scotrn at gmail.com> wrote:
>
>> Has anyone looked at sending Cisco eStreamer events to syslog-ng ?
>>
>> We have a couple Cisco Firepower management centers and I would rather
>> use syslog-ng over sending directly to splunk so that we may use other
>> integrations like elastic and our NMS.
>>
>> I have the eStreamer SDK on my syslog-ng server and wondered if anyone
>> else has worked on this. Search of the user archive says no.
>>
>>
>> Thanks
>> Scot
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
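As an added example (not code from this thread, from the Cisco SDK, or from any of the eStreamer clients mentioned), here is the kind of stdout bridge Bazsi describes: it reads the name/value records an eStreamer client emits, whose exact format is assumed here, and writes one JSON object per line for a syslog-ng program() source to hand to json-parser():

```python
"""Turn name=value event records from an eStreamer client into JSON lines
for a syslog-ng program() source. The input format is assumed (a constructed
example, not the Cisco SDK's real output): one event per line, comma-separated
key=value pairs, with values that contain commas wrapped in double quotes."""
import json
import re
import sys

# Fields emitted as integers so syslog-ng filters can compare them numerically.
INT_FIELDS = {"priority", "sport", "dport", "sensor_id", "event_id"}
# One pair: key, '=', then either a double-quoted value or a run of non-comma chars.
_PAIR_RE = re.compile(r'\s*([A-Za-z_]\w*)\s*=\s*("(?:[^"\\]|\\.)*"|[^,]*)')

def parse_nv_line(line):
    """Parse one 'k=v, k=v' record into a dict; raise ValueError if malformed."""
    line = line.strip()
    event, pos = {}, 0
    while pos < len(line):
        m = _PAIR_RE.match(line, pos)
        if not m:
            raise ValueError("malformed record at offset %d: %r" % (pos, line))
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            event[key] = raw[1:-1].replace('\\"', '"')   # unquote, unescape quotes
        elif key in INT_FIELDS and raw.lstrip("-").isdigit():
            event[key] = int(raw)
        else:
            event[key] = raw
        pos = m.end()
        if pos < len(line):             # after a pair only a comma may follow
            if line[pos] != ",":
                raise ValueError("expected ',' at offset %d: %r" % (pos, line))
            pos += 1
    return event

def bridge(lines):
    """Yield one compact JSON object per record (the shape json-parser() expects);
    skip blank input and report bad records on stderr instead of exiting."""
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            yield json.dumps(parse_nv_line(line), sort_keys=True, separators=(",", ":"))
        except ValueError as exc:
            print("estreamer2json: line %d skipped: %s" % (lineno, exc), file=sys.stderr)

if __name__ == "__main__":
    for out in bridge(sys.stdin):
        print(out, flush=True)          # flush so syslog-ng sees each event promptly
```

On the syslog-ng side, launch it from a program() source with flags(no-parse) and run the messages through json-parser(); a record the bridge cannot parse is logged on stderr and skipped rather than stalling the whole feed.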