[Snort-users] Logstash and snort
jlay at ...13475...
Tue Nov 5 22:15:03 EST 2013
So…I’ve been mucking with Logstash for a couple weeks, and here’s my attempt at getting it to go:
Below paste bin is my logstash.conf:
This config has a couple more items…noticeably iptables firewall hits and SASL failures. You should be able to nuke those sections out if not applicable. A quick and dirty go of it:
1. change the path to your syslog file
2. run the web process first with (dump to background with &): java -jar logstash-1.2.2-flatjar.jar web &
3. run the config process with: java -jar logstash-1.2.2-flatjar.jar agent -f logstash.conf
4. Wait a few, then point your browser to hostname:9292
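
For readers without the pastebin, here is a minimal logstash.conf of the kind the post describes. It is an added example, not the author's config and not part of the original message. It assumes Snort alerts reach syslog in the default one-line alert format with a classification; the file path, the field names and the sample line are assumptions.

```logstash
# Added example, not the author's config. The path and the field names
# (gid, sid, alert, ...) are assumptions; adjust them to your own setup.
input {
  file {
    path => "/var/log/syslog"   # change to your syslog file
    type => "syslog"
  }
}

filter {
  # Only run the Snort pattern on lines that mention snort
  if [message] =~ /snort/ {
    grok {
      # Constructed sample line this pattern is written for:
      # Nov  5 22:10:01 sensor snort[2041]: [1:1000001:1] Example rule message [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51515 -> 198.51.100.5:80
      # Ports are optional so that ICMP alerts (no ports) still parse.
      match => [ "message", "snort(\[%{INT:pid}\])?: \[%{INT:gid}:%{INT:sid}:%{INT:rev}\] %{DATA:alert} \[Classification: %{DATA:classification}\] \[Priority: %{INT:priority}\] \{%{DATA:proto}\} %{IP:src_ip}(:%{INT:src_port})? -> %{IP:dst_ip}(:%{INT:dst_port})?" ]
      add_tag => [ "snort" ]
    }
  }
}

output {
  # Embedded Elasticsearch, which the web process on port 9292 then queries
  elasticsearch { embedded => true }
}
```

Snort lines that do not fit the pattern are tagged `_grokparsefailure`, which is a quick way to spot alert formats the pattern does not cover.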