[Bro-Dev] best way to apply NLP to syslog entries?

Jan Grashöfer jan.grashoefer at gmail.com
Fri Nov 9 02:56:09 PST 2018


Hi Karl,

On 08/11/2018 23:29, Karl Pietrzak wrote:
> We're working on analyzing semi-structured logs (such as syslog, Windows
> events, etc.), and I'm trying to figure out if Bro/Zeek is the right tool
> for the job.
> 
> ...
> 
> Maybe there are other, better ways to do this.  Any advice on this matter
> would be appreciated!

you might want to have a look at https://github.com/J-Gras/bro-lognorm.
It integrates liblognorm into Bro to parse, for example, syslog messages.
The only thing you need is an appropriate rulebase (so no NLP here).

Jan
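To make concrete what "an appropriate rulebase" means in the reply above, here is a toy rulebase engine added to this archive page. It is not code from bro-lognorm or liblognorm; it imitates liblognorm's v1 `%name:type%` placeholder syntax for a small, self-chosen subset of field types (`date-rfc3164`, `word`, `number`, `ipv4`, `rest`), with regex approximations of this example's own. The rules, the sshd message forms and the syslog lines are all constructed for the demonstration, and the rule tags (`sshd-failed`, `generic`) are names chosen here.

```python
import re

# Added example (not bro-lognorm or liblognorm code): a toy rulebase engine that
# mimics liblognorm's v1 "%name:type%" placeholder syntax for a small subset of
# its field types, to show what "an appropriate rulebase" does to a syslog line.

# Placeholder type -> regex fragment (subset of liblognorm's parser types; the
# patterns are this example's own approximations).
TYPES = {
    "date-rfc3164": r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d",  # "Nov  9 02:56:09"
    "word": r"\S+",
    "number": r"\d+",
    "ipv4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "rest": r".*",
}
PLACEHOLDER = re.compile(r"%(\w+):([a-z0-9-]+)%")


def compile_rule(rule):
    """Compile 'rule=tag:pattern' into (tag, anchored regex, {field: type})."""
    head, _, pattern = rule.partition(":")
    if not head.startswith("rule="):
        raise ValueError("rule must start with 'rule='")
    tag = head[len("rule="):]
    regex, types, pos = [], {}, 0
    for m in PLACEHOLDER.finditer(pattern):
        name, typ = m.group(1), m.group(2)
        regex.append(re.escape(pattern[pos:m.start()]))  # literal text between fields
        regex.append("(?P<%s>%s)" % (name, TYPES[typ]))   # named capture for the field
        types[name] = typ
        pos = m.end()
    regex.append(re.escape(pattern[pos:]))
    return tag, re.compile("^" + "".join(regex) + "$"), types


def normalize(rulebase, line):
    """Return (tag, fields) from the first matching rule, or None if unparsed."""
    for tag, rx, types in rulebase:
        m = rx.match(line)
        if not m:
            continue
        fields = m.groupdict()
        for name, typ in types.items():
            if typ == "number":  # give downstream logic ints, not strings
                fields[name] = int(fields[name])
        return tag, fields
    return None


# Constructed rulebase. The more specific "invalid user" form is listed first;
# %user:word% cannot span the two words "invalid user", so without its own rule
# such lines would fall through to the generic rule and lose the user field.
RULES = [
    "rule=sshd-failed:%ts:date-rfc3164% %host:word% sshd[%pid:number%]: "
    "Failed password for invalid user %user:word% from %src:ipv4% port %port:number% ssh2",
    "rule=sshd-failed:%ts:date-rfc3164% %host:word% sshd[%pid:number%]: "
    "Failed password for %user:word% from %src:ipv4% port %port:number% ssh2",
    "rule=generic:%ts:date-rfc3164% %host:word% %prog:word%: %msg:rest%",
]
RULEBASE = [compile_rule(r) for r in RULES]

# Constructed sample syslog lines (not real log data).
SAMPLE_LINES = [
    "Nov  9 02:56:09 bastion sshd[2121]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Nov  9 02:56:11 bastion sshd[2121]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2",
    "Nov  9 02:57:01 bastion CRON[2150]: (root) CMD (run-parts /etc/cron.hourly)",
    "this line is not syslog at all",
]


def failed_logins_by_source(rulebase, lines):
    """Count sshd password failures per source IP; unparsed lines are returned separately."""
    counts, unparsed = {}, []
    for line in lines:
        result = normalize(rulebase, line)
        if result is None:
            unparsed.append(line)  # no rule matched: keep visible rather than silently drop
        elif result[0] == "sshd-failed":
            src = result[1]["src"]
            counts[src] = counts.get(src, 0) + 1
    return counts, unparsed


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(normalize(RULEBASE, line))
    print(failed_logins_by_source(RULEBASE, SAMPLE_LINES))
```

The point of the example is the same one the reply makes: once the message formats are known, a template match turns each line into typed fields, and a line that matches no rule is simply reported as unparsed, which is the signal that the rulebase needs another rule rather than a reason to reach for NLP.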

