List: ossec-dev
Subject: Re: [ossec-dev] os_csyslogd patch for JSON and Splunk style output
From: Brad Lhotsky <brad.lhotsky () gmail ! com>
Date: 2012-09-01 10:00:55
Message-ID: 1ac9dfad-36df-4b10-a6d6-5055fd033d54 () googlegroups ! com
Whoops! :)
Thanks for catching that.. I was fighting the hg merge as I had originally
patched off Daniel's tree.
On Saturday, September 1, 2012 1:05:17 AM UTC+2, JB Cheng wrote:
>
> Brad,
>
> Thank you for your contribution to add "json" and "splunk" to the allowed
> <syslog_output> <format>.
> I tested your patch and found an extra ' }' at the end of the splunk
> syslog output.
> After removing it I have merged your patch to
> https://bitbucket.org/jbcheng/ossec-hids/ and it will be part of the
> upcoming OSSEC 2.7 release.
> Excellent job!
>
> On Friday, August 31, 2012 8:14:43 AM UTC-7, David M. Zendzian wrote:
>>
>> Brad
>> Nice patch!
>>
>> On 08/31/2012 05:29 AM, Brad Lhotsky wrote:
>> > Attached patch adds two new options for the output format of os_csyslogd:
>> >
>> > <format>json</format>
>> > and
>> > <format>splunk</format>
>> >
>> > I also cleaned up the code some by replacing the repetitive checks for
>> > defined, "(none)", and "(unknown)" into a field_add_string() and
>> > field_add_int().
>> >
>> > I've been using this code in production for about 3 months now without
>> > issue. It makes feeding data into something like LogStash really nice.
>> >
>> > --
>> > Brad Lhotsky
>>
>>
>> --
>> David M. Zendzian | Managing Partner | ZZ Servers
>> 268 Bush St. #4127 | San Francisco, CA 94104
>> T: 415-593-5593 ext 369 | F: 415-901-6625
>>
>> Email : d...@zzservers.com
>>
>> Business Hosting Solutions | PCI | HIPAA
>> Managed Hosting Specialists
>>
>>
>>