[syslog-ng] Syslog-ng and NetSkope JSON logs

Scheidler, Balázs balazs.scheidler at oneidentity.com
Thu Dec 20 14:54:43 UTC 2018


Hi,

this config file just opens a tcp listener on port 51400 and then writes
anything that receives from there into a logfile. I don't really understand
what you would like to achieve?

On Thu, Dec 20, 2018 at 3:43 PM Garcia, Julio (InfoSec) <
julgarcia at corelogic.com> wrote:

> Hi, I'm trying to get a valid json formatted log file. I've tried several
> options but none of them seem to work or parse out the data correctly.
>
> Here's what the syslog-ng config looks like.
>
> @version:3.14
> @include "scl.conf"
>
> # syslog-ng configuration file.
> #
> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
> #
> # Note: it also sources additional configuration files (*.conf)
> #       located in /etc/syslog-ng/conf.d/
>
> ######################################
> #Sources
> ######################################
>
> source s_netskope {
>     tcp(ip(0.0.0.0) port(51410));
> };
>
> ######################################
> #Destinations
> ######################################
>
> destination d_netskope { file(
>     "/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.log"
>     create_dirs(yes)); };
>
> ######################################
> # Filters
> ######################################
>
> ######################################
> # Log
> ######################################
>
> log { source(s_netskope); destination(d_netskope); };
>
> options {
>    flush_lines (0);
>    time_reopen (10);
>    log_fifo_size (1000);
>    chain_hostnames (off);
>    use_dns (no);
>    use_fqdn (no);
>    create_dirs (no);
>    keep_hostname (yes);
>    owner("user01");
>    group("user01");
>    dir-owner("user01");
>    dir-group("user01");
>    dir-perm(0755);
>    perm(0755);
> };
>
> Any help is greatly appreciated.
>
> Thank you,
>
> *Julio Garcia*
> Pro, Information Security Engineer
> *CoreLogic*
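The quoted configuration writes whatever arrives on the socket through the file destination's default template, which prepends a date and host to each line, so the result is a syslog text file rather than JSON. The configuration below is an added example for the thread and is not code from either poster or from the syslog-ng project. It assumes the NetSkope forwarder sends one bare JSON object per line over TCP to port 51410 (no syslog header), parses that payload with json-parser(), and re-serialises it with $(format-json) so every line in the output file is a complete JSON document. The port and directory are taken from the quoted config; the `netskope.` prefix, the `.json` file suffix and the parser/destination names are assumptions.

```conf
@version: 3.14
@include "scl.conf"

source s_netskope {
    # Same listener as the quoted config. network() replaces the legacy
    # tcp() driver; flags(no-parse) keeps the whole line in $MESSAGE
    # instead of trying to interpret it as a syslog header.
    network(ip(0.0.0.0) port(51410) transport("tcp") flags(no-parse));
};

parser p_netskope_json {
    # Parse $MESSAGE as JSON. Each key becomes a name-value pair under the
    # "netskope." prefix (assumed name) so NetSkope fields cannot collide
    # with syslog-ng's own macros such as HOST or PROGRAM.
    json-parser(prefix("netskope."));
};

destination d_netskope_json {
    # Emit one JSON object per line: arrival time and sender address from
    # syslog-ng, plus the parsed NetSkope fields nested under "netskope".
    # Without an explicit template the file driver would write
    # "$DATE $HOST $MSGHDR$MSG", which is what breaks the JSON.
    file("/data/log/syslog/netskope/$HOST/$YEAR-$MONTH-$DAY-netskope.json"
        create_dirs(yes)
        template("$(format-json --key ISODATE --key HOST --key netskope.*)\n")
    );
};

log {
    source(s_netskope);
    parser(p_netskope_json);
    destination(d_netskope_json);
};
```

If the forwarder wraps the JSON in a syslog header (for example `<14>Dec 20 14:54:43 host netskope: {...}`), drop `flags(no-parse)` so the default parser strips the header and $MESSAGE holds only the JSON object. Events that fail to parse are dropped from this log path by json-parser(), so while validating the feed it is worth adding a second destination on the same source without the parser to keep the raw payloads for comparison.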