Juraj Sakala sakalajuraj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Content of the file /etc/logstash/conf.d/ossec.log | |
| # Logstash is on the same machine as OSSEC. | |
| # Logstash should run with OSSEC group privileges | |
| input { | |
| file { | |
| type => "OSSEC" | |
| path => "/var/ossec/logs/alerts/alerts.log" | |
| codec => multiline { | |
| pattern => "^\*\*" |
sakalajuraj
/ auditd.conf
Last active
May 24, 2022 17:26
Logstash configuration for auditd messages received via syslog
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Content of the file /etc/logstash/conf.d/auditd.conf | |
| # Tested on the CentOS 7 auditspd logs forwarded to logstash via rsyslog | |
| input { | |
| syslog { | |
| type => AUDITD | |
| port => xxxx | |
| host => "xxx.xxx.xxx.xxx" | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Content of the file /etc/logstash/conf.d/squid.conf | |
| # Squid logs MAC address of the source host | |
| # Logs are sending by syslog-ng raw without standard log headers | |
| input { | |
| tcp { | |
| host => "xxx.xxx.xxx.xxx" | |
| port => xxxx | |
| type => SQUID | |
| tags => [SQUID] |