I got the plugin installed, and am looking into what I need to change to accept CEF messages from a Trend Micro Deep Security agent to be able to accept the logs as they come in. I have some logs incoming via Syslog and they work fine. Some of the services only send messages via CEF (common event format), and I'm not sure what else needs to be done once I installed the codec-cef for logstash.
Looking through the Logstash documentation, the examples look like this:
    input {
      tcp {
        codec => cef { delimiter => "\r\n" }
        # ...
      }
    }
I want UDP on a certain port:
    input {
      udp {
        codec => cef { delimiter => "\r\n" }
        port => <myport#>
      }
    }
None of this seems to work though. I'm not seeing the CEF logs come through. Any more examples of how this should be set up?
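As an added example that is not part of the original post, of Logstash, or of Nagios Log Server: a small Python parser for the CEF format the question is about, so a Deep Security message can be checked by hand before a codec handles it. The sample line is constructed, and the device version in it is a placeholder.

```python
import re
# Added example (not from the post, Logstash or Nagios): a minimal parser for the CEF
# format the question is about. SAMPLE is a constructed line, not a real capture.
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
# extension key: a non-space, non-'=' run at start or after a space, then an unescaped '='
_KEY_RE = re.compile(r"(?:^|(?<= ))([^ =\\]+)=")
_UNESCAPE = {"\\=": "=", "\\\\": "\\", "\\n": "\n", "\\r": "\r"}

def _split_header(text):
    """Split on unescaped '|' (escapes are '\\|' and '\\\\'); return 7 fields + extension."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, text[i:]

def _parse_extension(ext):
    """'k1=v1 k2=v2' -> dict; values may hold spaces, so each runs to the next key."""
    keys = list(_KEY_RE.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() - 1 if nxt else len(ext)  # drop the space before the next key
        out[m.group(1)] = re.sub(r"\\[=\\nr]", lambda x: _UNESCAPE[x.group(0)],
                                 ext[m.end():end])  # decode \= \\ \n \r
    return out

def parse_cef(line):
    """Parse one CEF message; any syslog header before 'CEF:' is skipped."""
    fields, ext = _split_header(line.partition("CEF:")[2])
    record = dict(zip(HEADER_FIELDS, fields))
    record["extension"] = _parse_extension(ext)
    return record

# Constructed sample (Deep Security-style anti-malware event over syslog; version is a placeholder)
SAMPLE = ("<134>Jan  1 12:00:00 dsm CEF:0|Trend Micro|Deep Security Agent|<version>|"
          "4000000|Eicar_test_file|6|cn1=1 cn1Label=Host ID dvchost=web01 "
          "filePath=C:\\\\Users\\\\test\\\\eicar.com act=Quarantine msg=Realtime scan\\=done")
```

Feeding a real line through parse_cef() shows whether the header has its seven fields and whether values with spaces or escaped characters come out intact, which is the kind of check worth doing before blaming the input configuration.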
NLS Inputs for Common Event Format (CEF)/Logstash
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: NLS Inputs for Common Event Format (CEF)/Logstash
The cef codec wasn't available until Logstash 2.4, which we have not included in Nagios Log Server yet.
It is slated for the next release, which should be released in the not too distant future.