4. OpenAppID Stats

OpenAppID Stats

  • N

    I'm trying to get the openapp id stats to elk.

    Using the u2openappid command to get the data into a logfile. This Logfile can then be send to logstash using syslog-ng.
    The problem i'am facing is that the file has a different name (timestamp) every time. hoping to use a cronjob running someting like this:

    u2openappid /var/log/snort/snort_em02035/app-stats.log.* > /var/syslog-ng/openappid.log

    And then use syslog-ng to tail the file:

    {
    syslog(transport(udp) port(5150) ip(127.0.0.1));
    file(“/var/syslog-ng/openappid.log” program_override(“OpenAppID”) flags(no-parse) follow_freq(1) );
    };

    Anybody been trying the same?
    The result should be easy to parse using logstash so the problem is more getting it there.

    Grok:
    statTime="1428925680",appName="amazon",txBytes="45553",rxBytes="52296"
    statTime="%{WORD:timestamp}",appName="%{WORD:appName}",txBytes="%{INT:app_txBytes}",rxBytes="%{INT:app_rxBytes}"

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy