[netsa-tools-discuss] super_mediator log output
Gediminas Margis
gediminas.margis at gmail.com
Thu Mar 5 09:37:58 EST 2015
Hello,
You should go with something that all solutions understand: CSV or
key=value. Also proper timestamps and preferably one log per line. At the
moment I just can't retrieve a single log from those log files.
On Mar 5, 2015 3:58 PM, "Chris Inacio" <inacio at cert.org> wrote:
> Mr. Margis,
>
> Can you also let us know which SIEM you are trying to use? We are
> considering supporting more output formats, but would like formats that
> cover the largest number of solutions.
>
>
> --
> Chris Inacio
> inacio at cert.org
>
>
>
> > On Mar 5, 2015, at 7:42 AM, Gediminas Margis <gediminas.margis at gmail.com> wrote:
> >
> > Hello,
> >
> > I went through the documentation of super_mediator, but I could not find
> > if it is possible to get a single-line log per "event".
> >
> > At the moment everything goes to a separate line. Is it possible to get
> > a single line for a full log per "http" request, including DPI information?
> >
> > The goal is to read these logs with a SIEM solution. Now separate requests
> > that happen at the same time cannot be extracted with multi-line parsing.
> >
> > --
> > Best Regards,
> >
> > Gediminas Margis,
> > +37068600659
> >
> > PGP Key-ID: 0xE6D92FE2FA3AD133
> > 77BD 9F67 F1CF 72B0 7273 E086 E6D9 2FE2 FA3A D133
>
>