Log alerts to a file or syslog #344
Replies: 2 comments 6 replies
-
|
Thank you! Will be implemented in #348. |
Beta Was this translation helpful? Give feedback.
-
|
Quick update: I have a working implementation for UDP syslog (RFC 3164 and RFC 5424) ready. It sets all the standard fields and builds a message with Needs some docs and cleanup but will be included in next release. Date pending, but will be a matter of a few days. ✌️ |
Beta Was this translation helpful? Give feedback.
-
|
Awesome, I'm looking forward to it. Thanks! |
Beta Was this translation helpful? Give feedback.
-
|
Done and merged! #348 Will be included in the next release, which I hope will happen this weekend. |
Beta Was this translation helpful? Give feedback.
-
|
I just loaded a snapshot on my system and set it up to dump into Splunk. This looks great! Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
Having also a alerts.log would be great for interacting both with splunk (in a encrypted way) for example or a third party script/binary. |
Beta Was this translation helpful? Give feedback.
-
|
Makes sense! I created a feature request ticket here: #438 |
Beta Was this translation helpful? Give feedback.
-
|
This is now done and will be included in v1.2.0 |
Beta Was this translation helpful? Give feedback.
-
I'd like the ability to pipe alerts from nzyme into Splunk or Elasticsearch without using Greylog. If they could be dumped to a file (or syslog) I could configure a listener/etc and use the existing alerting mechanism I have for my IDS and pipe them into an SIEM. It looks like the existing log file just has the system status but nothing about analyzed traffic.
Any chance of making this available, possibly by an option in the alerting section of the config file?
Beta Was this translation helpful? Give feedback.
All reactions