[syslog-ng] Syslog-ng and NetSkope JSON logs
Scheidler, Balázs
balazs.scheidler at oneidentity.com
Thu Dec 20 14:54:43 UTC 2018
Hi,
this config file just opens a TCP listener on port 51400 and then writes
anything it receives from there into a logfile. I don't really understand
what you would like to achieve.
On Thu, Dec 20, 2018 at 3:43 PM Garcia, Julio (InfoSec) <
julgarcia at corelogic.com> wrote:
> Hi, I’m trying to get a valid json formatted log file. I’ve tried several
> options but none of them seem to work or parse out the data correctly.
>
> Here’s what the syslog-ng config looks like.
>
> @version:3.14
> @include "scl.conf"
>
> # syslog-ng configuration file.
> #
> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
> #
> # Note: it also sources additional configuration files (*.conf)
> # located in /etc/syslog-ng/conf.d/
>
> ######################################
> #Sources
> ######################################
>
> source s_netskope {
>     tcp(ip(0.0.0.0) port(51410));
> };
>
> ######################################
> #Destinations
> ######################################
>
> destination d_netskope { file(
>     "/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.log"
>     create_dirs(yes)); };
>
> ######################################
> # Filters
> ######################################
>
> ######################################
> # Log
> ######################################
>
> log { source( s_netskope); destination(d_netskope); };
>
> options {
>     flush_lines (0);
>     time_reopen (10);
>     log_fifo_size (1000);
>     chain_hostnames (off);
>     use_dns (no);
>     use_fqdn (no);
>     create_dirs (no);
>     keep_hostname (yes);
>     owner("user01");
>     group("user01");
>     dir-owner("user01");
>     dir-group("user01");
>     dir-perm(0755);
>     perm(0755);
> };
>
> Any help is greatly appreciated.
>
> Thank you,
>
> *Julio Garcia*
> Pro, Information Security Engineer
> *CoreLogic*
>
> *Direct* (949) 214-1284
> *Mobile* (714) 474-5254
> *julgarcia at corelogic.com <julgarcia at corelogic.com> *
>
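The quoted config only copies raw bytes to a file; nothing in it parses or re-emits JSON. The following syslog-ng configuration is an added example written for this page (it is not from the thread, and not the syslog-ng project's own reference config). It assumes NetSkope sends one JSON object per line as the syslog message body on port 51410 (the port in the quoted config); the output paths and the `.netskope.` prefix are placeholders chosen for the example. It uses `json-parser()` to turn the JSON fields into name-value pairs, re-serialises them with `$(format-json)` so every output line is a valid JSON object, and routes anything that fails to parse into a separate raw file so malformed events are kept rather than silently dropped.

```conf
@version: 3.14
@include "scl.conf"

# Assumed listener: same port as the quoted config. network() replaces the
# older tcp() driver; the syslog header (if any) is still parsed normally,
# so $MESSAGE holds the JSON body.
source s_netskope {
    network(ip("0.0.0.0") port(51410) transport("tcp"));
};

# Parse the JSON body into name-value pairs under the placeholder prefix
# ".netskope." (e.g. .netskope.user, .netskope.action). If $MESSAGE is not
# a valid JSON object the parser fails and the enclosing if-branch does not match.
parser p_netskope_json {
    json-parser(prefix(".netskope."));
};

# Emit the parsed pairs as one JSON object per line. --shift 10 strips the
# 10-character ".netskope." prefix so the original field names come back out;
# --key adds the syslog-ng metadata a SIEM will want alongside the event.
template t_netskope_json {
    template("$(format-json --scope dot-nv-pairs --rekey .netskope.* --shift 10 --key ISODATE --key HOST --key SOURCEIP)\n");
};

# Placeholder paths: parsed events and unparsable lines go to separate files.
destination d_netskope_json {
    file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.json"
         create_dirs(yes) template(t_netskope_json));
};

destination d_netskope_raw {
    file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope-unparsed.log"
         create_dirs(yes));
};

# if/else without a filter: the branch matches only when every element in it
# (here the parser) succeeds; otherwise the message falls through to else.
log {
    source(s_netskope);
    if {
        parser(p_netskope_json);
        destination(d_netskope_json);
    } else {
        destination(d_netskope_raw);
    };
};
```

Once the fields are name-value pairs you can also filter on them before the destination (for example `filter f_blocked { match("block" value(".netskope.action")); };`), which is the point of parsing rather than copying: the JSON becomes something syslog-ng can route, enrich and alert on. Check the unparsed file after deployment; a steady stream there means the assumption about the payload format is wrong (for instance a syslog header that syslog-ng did not strip, or multi-line JSON), and it is the first place to look when events seem to be missing.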