[Zeek] syslog

Scot Harris SHARRIS at hollywoodfl.org
Wed Jun 24 04:53:30 PDT 2020


Does Zeek have support for sending syslog events?

Looked in the logger and notice frameworks but did not see anything there.

Documentation has a fair amount about ingesting syslog messages but nothing about outputting them.

Running Zeek 3.1.1 currently.

Wanted to be able to send certain events such as SSH password guessing events to a syslog server which can open tickets on such events.

Guessing I would need to add another type to the logger framework, with config items in zeekctl.cfg for the syslog server address,
and use logger -n with that option to send the message to the specific host.

Ideas?
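An added example (editor's code, not part of the original message or of the Zeek distribution) showing one way to do what is asked above without a new logger type: Zeek's scripting language has a built-in `syslog()` function that writes a string through the host's syslog() call (facility LOG_LOCAL5, priority LOG_NOTICE), so a custom Notice action can hand selected notices to the local syslog daemon, which then forwards them to the ticketing host. The module name `NoticeSyslog`, the action name `ACTION_SYSLOG` and the `syslog_notes` set are names chosen for this example; `SSH::Password_Guessing` and the `Notice::policy` / `Notice::notice` hooks are Zeek's own.

```zeek
# Added example (not from the original post): forward selected notices to the
# local syslog daemon via Zeek's built-in syslog() BIF. Getting the line to a
# remote collector is then the syslog daemon's job (e.g. an rsyslog rule for
# local5.*), not Zeek's.

@load base/frameworks/notice
# Defines SSH::Password_Guessing, the notice type used below.
@load protocols/ssh/detect-bruteforcing

module NoticeSyslog;

export {
	redef enum Notice::Action += {
		## Custom action (example name): write the notice to local syslog.
		ACTION_SYSLOG
	};

	## Notice types that should be forwarded. Example default; extend with redef.
	const syslog_notes: set[Notice::Type] = { SSH::Password_Guessing } &redef;
}

# Notice::policy decides which actions a notice gets.
hook Notice::policy(n: Notice::Info)
	{
	if ( n$note in syslog_notes )
		add n$actions[ACTION_SYSLOG];
	}

# Notice::notice is run for every notice; this is where custom actions execute.
hook Notice::notice(n: Notice::Info)
	{
	if ( ACTION_SYSLOG in n$actions )
		{
		# src and sub are optional fields, so check before reading them.
		local src = n?$src ? fmt("%s", n$src) : "-";
		local sub = n?$sub ? n$sub : "-";

		# One key=value line per notice, which a collector can parse into a ticket.
		syslog(fmt("zeek_notice note=%s src=%s msg=\"%s\" sub=\"%s\"",
		           n$note, src, n$msg, sub));
		}
	}
```

Load it from site/local.zeek (or `zeek -i eth0 notice-syslog.zeek` for a quick check), then have the host's syslog daemon forward facility local5 to the ticketing server; with rsyslog that is a single rule such as `local5.* @@tickets.example.org:514` (a hypothetical hostname). This keeps the destination address in the syslog daemon's configuration rather than in zeekctl.cfg, and adding more notice types is a `redef NoticeSyslog::syslog_notes += { ... }` away.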