Can we export logs to SIEM System
Re: Can we export logs to SIEM System
Version 2015R1.0
Re: Can we export logs to SIEM System
Now upgraded to version Nagios Log Server (1.4.2)
Re: Can we export logs to SIEM System
[root@ip-10-2-4-222 ~]# /usr/local/nagioslogserver/logstash/bin/plugin install logstash-output-csv
Validating logstash-output-csv
Installing logstash-output-csv
Installation successful
[root@ip-10-2-4-222 ~]#
Also created the output for CSV; let's wait for some time and see if the test.csv populates.
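For reference, this is what a CSV output block for the logstash-output-csv plugin installed above looks like. It is an added example, not the poster's actual configuration; the file path and the field names are assumptions, so replace them with the fields your NLS inputs actually produce. If you add it through the NLS Configure page rather than a pipeline file, paste only the inner csv { ... } block, since NLS wraps it in output { } for you.

```logstash
# Added example, not the original poster's config.
output {
  csv {
    # Where rows are written; the user running logstash must be able to create it.
    # Placeholder path.
    path   => "/tmp/test.csv"

    # Column order of each row. A field missing on an event yields an empty cell.
    # Field names are assumptions; match them to your parsed events.
    fields => ["@timestamp", "host", "program", "message"]

    # Options handed to Ruby's CSV library (separator, quoting, etc.).
    csv_options => { "col_sep" => "," }
  }
}
```

The CSV contains whatever the log messages contain, so treat the file like the logs themselves: keep it on a filesystem with restrictive permissions (not world-readable /tmp) and rotate or purge it once the downstream system has picked it up.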
Re: Can we export logs to SIEM System
Yeah, I suspect the outdated logstash version was the culprit there. We could've built a spec file for logstash 1.4, but updating NLS completely is definitely the superior option in my opinion
Let us know if the output rule isn't working right!
Former Nagios employee
https://www.mcapra.com/
Re: Can we export logs to SIEM System
Fantastic Support, much appreciated.
One final question: how can I forward the logs collected in NLS to a different server which runs Security Analytics software? What is the output method that I should be using?
Regards,
Swapnil
Re: Can we export logs to SIEM System
It would depend on the format the analytics software is expecting.
Strictly speaking, you can format the output in just about any way by using existing logstash plugins or creating your own. If the analytics software has its own filtering rules, you could also just pass the raw log message and have the analytics software handle interpreting the data.
Former Nagios employee
https://www.mcapra.com/
Re: Can we export logs to SIEM System
What is the frequency of the output CSV file? Does it transmit real-time data?
Re: Can we export logs to SIEM System
Any output filter sends its data as soon as logstash is done with the input filter side of the equation. So yes, it's real time.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Can we export logs to SIEM System
Could you please help me to write a code for sending events to a generic HTTP or HTTPS endpoint? We are planning to install logstash-output-http plugin from https://www.elastic.co/guide/en/logstas ... ugins.html
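Below is an added example of an output block for the logstash-output-http plugin mentioned in the question; it is not configuration from the forum or from the plugin's documentation. It also illustrates the earlier reply's two options: send the whole structured event as JSON, or pass only the raw message and let the analytics software parse it. The endpoint URL, the bearer token, the CA file path, the field name [type] and its value are all placeholders or assumptions.

```logstash
# Added example, not from the original thread.
output {
  # Forward only events of one type so the SIEM is not flooded with everything
  # NLS stores; remove the conditional to forward all events. [type] == "syslog"
  # is an assumption about how your inputs tag events.
  if [type] == "syslog" {
    http {
      url          => "https://siem.example.com/ingest"   # placeholder endpoint
      http_method  => "post"

      # Option 1: ship the full structured event, so every field NLS parsed
      # (host, program, timestamp, ...) arrives in the SIEM as JSON.
      format       => "json"
      content_type => "application/json"

      # Option 2: ship only the raw message and let the SIEM's own rules parse it.
      # Comment out the two lines above and use these instead:
      # format       => "message"
      # message      => "%{message}"
      # content_type => "text/plain"

      # Authentication expected by the receiving endpoint; placeholder token.
      headers      => { "Authorization" => "Bearer REPLACE_WITH_TOKEN" }

      # CA that signed the SIEM's certificate, so the connection is refused
      # if the endpoint is not the one you expect. Placeholder path.
      cacert       => "/etc/pki/tls/certs/siem-ca.pem"

      # Retry on connection errors and on 429/5xx responses so a brief outage
      # of the receiver does not silently drop events.
      retry_failed      => true
      automatic_retries => 3
    }
  }
}
```

Use the https:// form of the URL wherever the receiver supports it: with plain http:// the full log content, which often includes usernames, hostnames and internal addresses, crosses the network unencrypted. On the receiving side, a quick check that events are arriving is to watch the endpoint's access log for POSTs from the NLS host after saving and applying the output.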