Hello,
I would like to ask if it is possible for my syslog source to be outputted as a JSON file?
Syslog Source Output as JSON Format
Re: Syslog Source Output as JSON Format
The file output will output to a file using the JSON format by default - https://www.elastic.co/guide/en/logstas ... -file.html.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi everyone,
Also, I like to ask if it's possible for Netflow to be converted to JSON?
Also, I like to ask if it's possible for Netflow to be converted to JSON?
Re: Syslog Source Output as JSON Format
Are you trying to convert data to the JSON format and then trying to import it into NLS? I may have misunderstood your original request, and depending on your syslog environment you may be able to send the data over in a json format - https://serverfault.com/questions/73092 ... son-format.
Newer versions of nfdump can be used to read netflow data and output JSON using the "-o json" option.
Newer versions of nfdump can be used to read netflow data and output JSON using the "-o json" option.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hello,
This is our current config for Netflow
input
output
I am receiving NetFlow logs but unable to output it.
Looking forward to your reply
Best Regards,
TCSDI
This is our current config for Netflow
input
output
I am receiving NetFlow logs but unable to output it.
Looking forward to your reply
Best Regards,
TCSDI
Re: Syslog Source Output as JSON Format
Yes, you can specify the JSON codec:
Code: Select all
if [type] =~ /(nflow)/{
syslog {
host => "172.31.108.236"
port => 1524
sourcehost => "10.161.71.246"
codec => "json"
}
}As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi,
Thank you for your reply.
I will try this.
Also, I don't have to change anything in the "input" config?
this is how I see logs from Netflow.
Looking forward to your reply.
Regards,
Christian
Thank you for your reply.
I will try this.
Also, I don't have to change anything in the "input" config?
this is how I see logs from Netflow.
Looking forward to your reply.
Regards,
Christian
Re: Syslog Source Output as JSON Format
I was wondering about how the data was coming in and if you did anything to make it work with the syslog input. The syslog input requires data to be in RFC3164(https://www.elastic.co/guide/en/logstas ... yslog.html) which netflow does not follow by default and I'm not sure what if any steps can take to make it.
The tcp input may be a better bet since it takes in raw data:
We do also have another solution that can accept netflow data that you may want to check out - https://www.nagios.com/products/nagios- ... -analyzer/
The tcp input may be a better bet since it takes in raw data:
Code: Select all
tcp {
type => 'netflow'
port => 2055
codec => netflow
}As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi,
Thank you for your reply.
The current config now used is:
input
output
We can still receive input but don't see any output on port 1524, also tried removing the line for the source host still, no output is seen.
Please advise if there are any needed changes on the config.
Looking forward to your reply
Regards,
TCSDI
Thank you for your reply.
The current config now used is:
input
output
We can still receive input but don't see any output on port 1524, also tried removing the line for the source host still, no output is seen.
Please advise if there are any needed changes on the config.
Looking forward to your reply
Regards,
TCSDI
Re: Syslog Source Output as JSON Format
The images were not attached. Please try attaching them again.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.