[Snort-users] Logstash and snort

James Lay jlay at ...13475...
Tue Nov 5 22:15:03 EST 2013


Hey All,

So…I’ve been mucking with Logstash for a couple weeks, and here’s my attempt at getting it to go:

http://tinypic.com/r/24chymp/5

Below paste bin is my logstash.conf:

http://pastebin.com/GmGBAm1d

This config has a couple more items…noticeably iptables firewall hits and SASL failures.  You should be able to nuke those sections out if not applicable.  A quick and dirty go of it:

Download https://download.elasticsearch.org/logstash/logstash/logstash-1.2.2-flatjar.jar

Change the path to your syslog file

Run the web process first with (dump to background with &):  java -jar logstash-1.2.2-flatjar.jar web &

Run the config process with: java -jar logstash-1.2.2-flatjar.jar agent -f logstash.conf

Wait a few, then point your browser to hostname:9292

Enjoy!

James