[syslog-ng] Syslog-ng and NetSkope JSON logs

Garcia, Julio (InfoSec) julgarcia at corelogic.com
Thu Dec 20 14:42:40 UTC 2018


Hi, I’m trying to get a valid JSON-formatted log file. I’ve tried several options, but none of them seem to work or parse out the data correctly.

Here’s what the syslog-ng config looks like.

@version:3.14
@include "scl.conf"

# syslog-ng configuration file.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

######################################
#Sources
######################################

source s_netskope {
    tcp(ip(0.0.0.0) port(51410));
};


######################################
#Destinations
######################################

destination d_netskope { file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.log" create_dirs(yes)); };


######################################
# Filters
######################################

######################################
# Log
######################################

log { source(s_netskope); destination(d_netskope); };

options {
   flush_lines (0);
   time_reopen (10);
   log_fifo_size (1000);
   chain_hostnames (off);
   use_dns (no);
   use_fqdn (no);
   create_dirs (no);
   keep_hostname (yes);
   owner("user01");
   group("user01");
   dir-owner("user01");
   dir-group("user01");
   dir-perm(0755);
   perm(0755);
};

Any help is greatly appreciated.

Thank you,

Julio Garcia
Pro, Information Security Engineer
CoreLogic
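An added example, not part of the message above and not a reply from the list: a syslog-ng 3.14 configuration that parses the JSON document NetSkope puts in the syslog message part with json-parser() and writes it back out as one JSON object per line with $(format-json). It assumes that each NetSkope event arrives as a single syslog message whose MESSAGE part is the JSON document, and it reuses the port and directory layout from the posted config; the "ns." prefix, the .raw/.json file names and the template name are choices made for this example.

```conf
@version: 3.14
@include "scl.conf"

# Receive the NetSkope feed. network() is the current driver name; the tcp()
# driver from the posted config still works in 3.14 and is equivalent here.
# Plain TCP carries the events in cleartext; transport("tls") with a tls()
# block is the usual hardening step if the sender supports it.
source s_netskope {
    network(ip(0.0.0.0) port(51410) transport("tcp"));
};

# Turn the JSON in $MESSAGE into name-value pairs. The prefix keeps NetSkope
# fields apart from syslog-ng's own macros, so an event field called "host"
# cannot overwrite $HOST. A message that is not valid JSON fails this parser
# and is dropped from the log path that contains it.
parser p_netskope_json {
    json-parser(prefix("ns."));
};

# Re-serialise: the RFC 5424 header fields plus every ns.* pair as one JSON
# object per line. Dotted keys are nested, so ns.user becomes {"ns":{"user":..}}.
template t_netskope_json {
    template("$(format-json --scope rfc5424 --key ns.*)\n");
};

# Verbatim copy of what arrived, for debugging and for events that fail to parse.
# 0640/0750 instead of the posted 0755: log data should not be world-readable,
# and files do not need the execute bit.
destination d_netskope_raw {
    file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.raw"
         create_dirs(yes) perm(0640) dir-perm(0750));
};

destination d_netskope_json {
    file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.json"
         create_dirs(yes) perm(0640) dir-perm(0750)
         template(t_netskope_json));
};

log {
    source(s_netskope);
    destination(d_netskope_raw);
    # Embedded log path: an event the json-parser rejects leaves only this
    # branch, so it is missing from the .json file but present in the .raw file.
    log {
        parser(p_netskope_json);
        destination(d_netskope_json);
    };
};
```

Check the file with `syslog-ng --syntax-only` before reloading. If the .json file stays empty while the .raw file fills up, compare a raw line against what json-parser expects: if the feed carries no syslog header at all, add `flags(no-parse)` to the source so the whole line lands in $MESSAGE; if there is a literal prefix before the opening brace (for example a program name and a colon), strip it with a rewrite rule ahead of the parser.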
