[netsa-tools-discuss] probing alternate logging options for analysis pipeline

asad a.alii85 at gmail.com
Tue Nov 10 03:08:34 EST 2015


Hello,

I have already moved the alert.log files to the SIEM box using the tail2syslog
script. The format is '|' delimited and is explained beautifully in
the 'pipeline.sdkfilereader.properties'.

I want to know, using the log-destination field in pipeline.conf, if I set
it to 'syslog' what benefit can I get in terms of its usage (more
enriched data format?).

Also, the live DVD I'm using for SiLK is not compiled with libsnarf
support, so is there an option to recompile with libsnarf support?
Also, by using the 'snarf-destination' field can I specify a TCP syslog
destination which is snarfd, for example another syslog server
listening on TCP port 514?

Thanks.

regards
asad
