[Zeek] syslog

Darren S. phatbuckett at gmail.com
Wed Jun 24 15:20:55 PDT 2020


Apologies as this isn’t the question you asked - but are you able to use a
file reader agent that can output to Sysmon? There is a plugin option for
Fluentd, and a syslog server like Syslogng can read from file and forward.
There may be other options as well.

On Wed, Jun 24, 2020 at 4:55 AM Scot Harris <SHARRIS at hollywoodfl.org> wrote:

> Does zeek have support to send syslog events?
>
> Looked in the logger and notice frameworks but did not see anything there.
>
> Documentation has a fair amount about ingesting syslog messages but
> nothing about outputting them.
>
> Running zeek 3.1.1 currently.
>
> Wanted to be able to send certain events such as SSH password guessing
> events to a syslog server which can open tickets on such events.
>
> Guessing would need to add another type to the logger framework with
> config items in zeekctl.cfg for the syslog server address.
>
> And use logger -n with that option to send the message to the specific
> host.
>
> Ideas?
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek

-- 
Darren Spruell
phatbuckett at gmail.com
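The "read the log file and forward" approach suggested in the reply, written out as a small Python forwarder (an added example, not code from Zeek, from the list, or from either poster): it reads Zeek's notice.log in JSON form (what you get with `LogAscii::use_json = T`), keeps only the notice types you care about (SSH::Password_Guessing here, as in the question), wraps each one in an RFC 5424 syslog message and, optionally, sends it over UDP to the ticketing syslog server. Assumptions: the notice.log field names shown in the constructed sample, the choice of facility 1 / severity 4 for the PRI value, and the `zeekNotice` structured-data element name are all mine; the hostname `zeek-sensor` and the syslog server address are placeholders. Truncated lines (partial writes while a file is being tailed) are skipped rather than crashing the forwarder; following rotation and tailing the live file is left to the agent (syslog-ng, Fluentd) or to the caller.

```python
"""Forward selected Zeek notice.log (JSON) entries as RFC 5424 syslog messages.

Added example for illustration; not Zeek's own code. Field names, PRI choice
and the structured-data element name are assumptions, see comments below.
"""
import json
import socket
import sys
from datetime import datetime, timezone

# Zeek notice types to forward; SSH::Password_Guessing is the one from the thread.
FORWARD_NOTES = {"SSH::Password_Guessing"}

# Constructed sample in the shape of notice.log with `LogAscii::use_json = T`.
# The last line is deliberately truncated, as seen when tailing a file mid-write.
SAMPLE_NOTICE_LOG = """\
{"ts":1592998800.123456,"note":"SSH::Password_Guessing","msg":"203.0.113.5 appears to be guessing SSH passwords (seen in 30 connections).","sub":"Sampled servers:  198.51.100.10, 198.51.100.11","src":"203.0.113.5","peer_descr":"worker-1","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0}
{"ts":1592998801.5,"note":"Weird::Activity","msg":"bad_TCP_checksum","src":"198.51.100.7","peer_descr":"worker-1","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0}
{"ts":1592998802.0,"note":"SSH::Password_Gu
"""


def parse_notices(text):
    """Return a dict per well-formed JSON line; blank or partial lines are skipped."""
    notices = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            notices.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial write while tailing: wait for the next read
    return notices


def select_notices(notices, wanted=FORWARD_NOTES):
    """Keep only the notice types the ticketing system should see."""
    return [n for n in notices if n.get("note") in wanted]


def syslog_timestamp(ts):
    """Zeek epoch float -> RFC 5424 TIMESTAMP in UTC, e.g. 2020-06-24T11:40:00.123Z."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.isoformat(timespec="milliseconds").replace("+00:00", "Z")


def sd_escape(value):
    """RFC 5424 SD-PARAM values must escape backslash, double quote and ']'."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_syslog(notice, hostname="zeek-sensor", app="zeek", facility=1, severity=4):
    """Build: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG.

    facility 1 (user) / severity 4 (warning) is an assumed default; PROCID is '-'.
    MSGID must be printable ASCII without spaces, so '::' becomes '_'.
    """
    pri = facility * 8 + severity
    msgid = notice["note"].replace("::", "_")
    # 'zeekNotice' is an assumed SD-ID for this example, not a registered one.
    sd = (f'[zeekNotice src="{sd_escape(notice.get("src", "-"))}"'
          f' peer="{sd_escape(notice.get("peer_descr", "-"))}"]')
    return f"<{pri}>1 {syslog_timestamp(notice['ts'])} {hostname} {app} - {msgid} {sd} {notice.get('msg', '')}"


def build_messages(text, wanted=FORWARD_NOTES):
    """Full pipeline: raw notice.log text -> list of syslog message strings."""
    return [format_syslog(n) for n in select_notices(parse_notices(text), wanted)]


def send_udp(messages, host, port=514):
    """Send each message as one UDP datagram (plain syslog/UDP; no transport security)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(msg.encode("utf-8"), (host, port))
    return len(messages)


if __name__ == "__main__":
    # usage: python forward_notices.py /path/to/notice.log [syslog-server-host]
    # With no path given, the constructed sample above is used instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NOTICE_LOG
    msgs = build_messages(text)
    if len(sys.argv) > 2:
        print(f"sent {send_udp(msgs, sys.argv[2])} message(s)")
    else:
        print("\n".join(msgs))
```

Without a server argument the script only prints the messages, which is the easiest way to check the PRI, timestamp and structured-data formatting before pointing it at the real ticketing host. For a ticketing integration, the MSGID (`SSH_Password_Guessing`) and the `src` parameter are the fields to key on at the receiving end rather than parsing the free-text MSG.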