Hello Team,
Is there a possibility to export logs from Nagios Log Server to any other tool? For example, a SIEM [Security information and event management] tool.
Regards,
Swapnil
Can we export logs to SIEM System
scottwilkerson
- DevOps Engineer
- Location: Nagios Enterprises
Re: Can we export logs to SIEM System
Not sure what system you are trying to connect to, but I will say that you can output log data to additional locations; that could be another system, separate log files, passing them through a script, etc.
You can find this under Administration -> Global Configuration -> Show Output's button
Re: Can we export logs to SIEM System
We use RSA’s Security Analytics for the SIEM system, which is located at a different site, and would like to forward the logs from Nagios Log Server to this system. Is it possible?
Re: Can we export logs to SIEM System
Using the output method that Scott mentioned in the previous post, it is likely possible.
Take a look at this page: https://www.elastic.co/guide/en/logstas ... ugins.html
Former Nagios Employee.
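The output approach described in the replies above, as an added example that is not part of the original thread and not Nagios' own configuration: a Logstash output section that forwards selected events to a remote collector over TCP as newline-delimited JSON. The host name, port and `type` value are placeholders, and how the block is entered in the Log Server output editor (with or without the `output { }` wrapper) is an assumption to check against your installation.

```logstash
# Added example in standard Logstash pipeline syntax; not from the thread.
# Assumptions: siem-collector.example.com, port 5514 and the "syslog" type
# are placeholders; the receiving SIEM needs a matching TCP/JSON listener.
output {
  # Forward only the event types the SIEM needs, not every indexed event.
  if [type] == "syslog" {
    tcp {
      host  => "siem-collector.example.com"
      port  => 5514
      mode  => "client"      # Log Server connects out to the collector
      codec => json_lines    # one JSON document per line
      # The SIEM is at another site, so encrypt the link. Option names
      # vary by plugin version; older logstash-output-tcp releases use:
      # ssl_enable => true
      # ssl_cacert => "/path/to/ca.pem"   # placeholder path
      # ssl_verify => true
    }
  }
}
```

Adding an output does not replace the existing ones, so events continue to be indexed locally while a copy goes to the collector.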
Re: Can we export logs to SIEM System
Is there Nagios documentation for using additional output locations or scripts?
Re: Can we export logs to SIEM System
To hijack this thread for a minute, I'd love an "Export to Text" button on the "all events" list. We've got a file output filter to put things into a folder structure, but it would be really nice to be able to do a quick export of what's on the screen, without having to potentially correlate multiple output files.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Can we export logs to SIEM System
eloyd wrote: To hijack this thread for a minute, I'd love an "Export to Text" button on the "all events" list. We've got a file output filter to put things into a folder structure, but it would be really nice to be able to do a quick export of what's on the screen, without having to potentially correlate multiple output files.
A similar feature request has existed for a while. We're aware of the demand for this feature.
sgiworks wrote: Is there a Nagios Documentation for using additional output locations? or scripts?
There is not currently. Generally the documentation provided by Elastic can give good information about what you're trying to do. Our goal is for NLS to be the end point for your logs, so there's never been a giant demand to forward them to other logging solutions.
Former Nagios Employee.
Re: Can we export logs to SIEM System
I get that, but once you've spent time sorting, filtering, querying, and specifying time stamps, the resulting data set is often exactly what you need to export to put into a security response report. Meaning, it's MUCH easier to get this information from NLS than it is from the source logs.
I'll wait patiently for a new release.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: Can we export logs to SIEM System
We recently did an intrusion detection and analysis using nothing but NLS and NNA that went above and beyond what the customer's existing, highly paid network consultants could do. Being able to export NLS logs as text/PDF would have been awesome.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd