[Bro-Dev] best way to apply NLP to syslog entries?
Jan Grashöfer
jan.grashoefer at gmail.com
Fri Nov 9 02:56:09 PST 2018
Hi Karl,
On 08/11/2018 23:29, Karl Pietrzak wrote:
> We're working on analyzing semi-structured logs (such as syslog, Windows
> events, etc.), and I'm trying to figure out if Bro/Zeek is the right tool
> for the job.
>
> ...
>
> Maybe there are other, better ways to do this. Any advice on this matter
> would be appreciated!
you might want to have a look at https://github.com/J-Gras/bro-lognorm.
It integrates liblognorm into Bro to parse, for example, syslog messages.
The only thing you need is an appropriate rulebase (so no NLP here).
Jan
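To make concrete what "an appropriate rulebase" means in Jan's reply, here is an added example (not code from the thread, from bro-lognorm or from liblognorm): a small rule-based syslog normalizer in Python. Its placeholder syntax (`%name:type%`, with `char-to` taking a terminator such as `\x3a`) is loosely modelled on liblognorm's legacy rule format but is a simplified illustration, and the rule names, field names and sample log lines are all constructed for this example. The point it shows is the one Jan makes: semi-structured log lines are parsed by matching them against a rulebase, with no NLP involved, and any line no rule covers is flagged as unparsed rather than silently dropped, so gaps in the rulebase stay visible.

```python
import re
from typing import Dict, List, Tuple

# Simplified field types. Loosely modelled on liblognorm's legacy rule syntax;
# this is an illustration, not liblognorm itself.
FIELD_TYPES = {
    "word": r"\S+",
    "number": r"\d+",
    "ipv4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "date-rfc3164": r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}",
    "rest": r".*",
}

# %name:type% or %name:type:argument%
PLACEHOLDER = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*):([a-z0-9-]+)(?::([^%]*))?%")

# Constructed rulebase: most specific rules first, a catch-all syslog rule last.
RULEBASE: List[Tuple[str, str]] = [
    ("ssh-accepted",
     "%date:date-rfc3164% %host:word% sshd[%pid:number%]: Accepted %method:word% "
     "for %user:word% from %src:ipv4% port %port:number% ssh2"),
    ("ssh-failed-invalid-user",
     "%date:date-rfc3164% %host:word% sshd[%pid:number%]: Failed password for "
     "invalid user %user:word% from %src:ipv4% port %port:number% ssh2"),
    ("ssh-failed",
     "%date:date-rfc3164% %host:word% sshd[%pid:number%]: Failed password for "
     "%user:word% from %src:ipv4% port %port:number% ssh2"),
    # char-to:\x3a consumes everything up to the first ':' (the syslog tag).
    ("generic-syslog",
     r"%date:date-rfc3164% %host:word% %tag:char-to:\x3a%: %msg:rest%"),
]

# Constructed sample syslog lines (RFC 3164 style).
SAMPLE_LINES = [
    "Nov  9 02:56:09 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2",
    "Nov  9 02:57:00 host1 sshd[1235]: Failed password for invalid user bob from 198.51.100.7 port 40022 ssh2",
    "Nov  9 02:58:12 host1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def compile_rule(rule: str) -> "re.Pattern[str]":
    """Turn a rule with %name:type% placeholders into one anchored regex.

    Literal text between placeholders is matched exactly; each placeholder
    becomes a named capture group using the pattern for its field type.
    """
    parts: List[str] = []
    pos = 0
    for m in PLACEHOLDER.finditer(rule):
        parts.append(re.escape(rule[pos:m.start()]))
        name, ftype, arg = m.group(1), m.group(2), m.group(3)
        if ftype == "char-to":
            if arg is None:
                raise ValueError(f"char-to needs a terminator in rule: {rule}")
            # The terminator is given as an escape sequence such as \x3a (':').
            terminator = bytes(arg, "utf-8").decode("unicode_escape")
            pattern = f"[^{re.escape(terminator)}]+"
        else:
            pattern = FIELD_TYPES[ftype]  # KeyError for an unknown type is deliberate
        parts.append(f"(?P<{name}>{pattern})")
        pos = m.end()
    parts.append(re.escape(rule[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def compile_rulebase(rulebase: List[Tuple[str, str]]) -> List[Tuple[str, "re.Pattern[str]"]]:
    """Compile every (event type, rule) pair once, preserving rule order."""
    return [(event_type, compile_rule(rule)) for event_type, rule in rulebase]


def normalize(line: str, compiled: List[Tuple[str, "re.Pattern[str]"]]) -> Dict[str, str]:
    """Return the fields of the first matching rule, or mark the line as unparsed.

    An unparsed line is a rulebase gap, which for monitoring purposes is a
    blind spot; it is reported explicitly instead of being discarded.
    """
    for event_type, regex in compiled:
        m = regex.match(line)
        if m:
            fields = {"event.type": event_type}
            fields.update(m.groupdict())
            return fields
    return {"event.type": "unparsed", "original": line}


if __name__ == "__main__":
    rb = compile_rulebase(RULEBASE)
    for raw in SAMPLE_LINES + ["this line matches no rule"]:
        print(normalize(raw, rb))
```

Rule order matters: the catch-all `generic-syslog` rule must come last, or it would swallow the sshd lines before the more specific rules see them. liblognorm's real rule language is richer (and bro-lognorm exposes the results inside Bro), but the workflow is the same: write rules for the message formats you expect, and review the unparsed remainder to find the formats you missed.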