Syslog Source Output as JSON Format
Posted: Fri Jul 12, 2019 12:47 am
by tcsdi
Hello,
I would like to ask if it is possible for my syslog source to be output as a JSON file?
Re: Syslog Source Output as JSON Format
Posted: Fri Jul 12, 2019 9:15 am
by cdienger
The file output will output to a file using the JSON format by default -
https://www.elastic.co/guide/en/logstas ... -file.html.
Re: Syslog Source Output as JSON Format
Posted: Mon Jul 15, 2019 9:16 pm
by tcsdi
Hi everyone,
Also, I would like to ask if it's possible for Netflow to be converted to JSON?
Re: Syslog Source Output as JSON Format
Posted: Tue Jul 16, 2019 10:11 am
by cdienger
Are you trying to convert data to the JSON format and then trying to import it into NLS? I may have misunderstood your original request, and depending on your syslog environment you may be able to send the data over in a json format -
https://serverfault.com/questions/73092 ... son-format.
Newer versions of nfdump can be used to read netflow data and output JSON using the "-o json" option.
Re: Syslog Source Output as JSON Format
Posted: Wed Jul 17, 2019 8:10 pm
by tcsdi
Hello,
This is our current config for Netflow
input
output
I am receiving NetFlow logs but unable to output it.
Looking forward to your reply
Best Regards,
TCSDI
Re: Syslog Source Output as JSON Format
Posted: Thu Jul 18, 2019 2:35 pm
by cdienger
Yes, you can specify the JSON codec:
    if [type] =~ /(nflow)/ {
      syslog {
        host => "172.31.108.236"
        port => 1524
        sourcehost => "10.161.71.246"
        codec => "json"
      }
    }
Re: Syslog Source Output as JSON Format
Posted: Thu Jul 18, 2019 10:43 pm
by tcsdi
Hi,
Thank you for your reply.
I will try this.
Also, I don't have to change anything in the "input" config?
This is how I see logs from Netflow.
Looking forward to your reply.
Regards,
Christian
Re: Syslog Source Output as JSON Format
Posted: Fri Jul 19, 2019 9:13 am
by cdienger
I was wondering about how the data was coming in and if you did anything to make it work with the syslog input. The syslog input requires data to be in RFC3164 (https://www.elastic.co/guide/en/logstas ... yslog.html), which netflow does not follow by default, and I'm not sure what steps, if any, can be taken to make it.
The tcp input may be a better bet since it takes in raw data:
    tcp {
      type => 'netflow'
      port => 2055
      codec => netflow
    }
We do also have another solution that can accept netflow data that you may want to check out -
https://www.nagios.com/products/nagios- ... -analyzer/
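The pieces discussed in this thread assembled into one Logstash pipeline, added here as an example rather than code from the thread or from Nagios. NetFlow exporters send UDP datagrams, so this uses the udp input instead of the tcp input shown above (that substitution is mine); the listener port, NetFlow versions, receiver address, syslog port and file path are placeholder values.

```conf
input {
  # NetFlow arrives as binary UDP datagrams, not RFC3164 text, so the
  # syslog input cannot parse it; the netflow codec decodes the records
  # into fields instead.
  udp {
    port  => 2055              # placeholder: collector listening port
    type  => "netflow"
    codec => netflow {
      versions => [5, 9]       # placeholder: versions your exporters emit
    }
  }
}

output {
  if [type] == "netflow" {
    # One JSON object per line; the file output uses json_lines by default.
    file {
      path  => "/var/log/logstash/netflow.json"   # placeholder path
      codec => json_lines
    }
    # Or forward each decoded flow as a JSON-bodied syslog message.
    syslog {
      host     => "192.0.2.10"   # placeholder: receiver address
      port     => 1524           # placeholder: receiver port
      protocol => "tcp"
      codec    => json
    }
  }
}
```

If nothing reaches the receiver, confirm the exporters actually deliver to the udp port (a packet capture on the collector is the quickest check) before changing the output side.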
Re: Syslog Source Output as JSON Format
Posted: Mon Jul 22, 2019 3:42 am
by tcsdi
Hi,
Thank you for your reply.
The current config now used is:
input
output
We can still receive input but don't see any output on port 1524; we also tried removing the line for the source host, but still no output is seen.
Please advise if there are any needed changes on the config.
Looking forward to your reply
Regards,
TCSDI
Re: Syslog Source Output as JSON Format
Posted: Mon Jul 22, 2019 10:50 am
by cdienger
The images were not attached. Please try attaching them again.