IP address aggregation and dumping to CSV or HTTP

Hi there,

Here is something that I am working on. I am setting up something like fail2ban, setting up honeypots and collecting malicious IP addresses.

Now the thing I want to achieve is: dump those IP addresses to a CSV file or directly to my HTTP server, aggregating and removing duplicates, so that my firewall can pick up those entries and start blocking on the fly.

Need some insight from the Graylog front, please…

This is certainly something that has been done many times before. But you won’t necessarily need Graylog for it. Not at all.

But if the logs for your honeypots, etc., are coming into Graylog, you can define an output stream which sends RAW data to a receiving socket. Or you can use the Graylog API to perform queries remotely and extract the IPs that way.
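As an added illustration of the receiving side of the first option (this is example code written for this thread, not Graylog's own code and not something either poster provided), the script below accepts newline-delimited text on a TCP socket, pulls IPv4 addresses out of each event, drops addresses in internal ranges that a firewall should never block from a honeypot feed, deduplicates and counts hits per address, and renders the result either as a CSV with first/last seen timestamps or as a one-address-per-line blocklist that a firewall can fetch over HTTP. The line format, the assumption that the Graylog output delivers one plain-text event per line, and the sample lines are all constructed for this example.

```python
import csv
import io
import ipaddress
import re
import socket

# Constructed sample events in the shape of raw honeypot / fail2ban lines.
# The format is an assumption for this example, not a Graylog output format.
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z honeypot-1 sshd: Failed password for root from 203.0.113.7 port 51234",
    "2024-05-01T10:00:05Z honeypot-1 sshd: Failed password for admin from 203.0.113.7 port 51240",
    "2024-05-01T10:01:00Z honeypot-2 web: GET /wp-login.php from 198.51.100.23",
    "2024-05-01T10:01:30Z honeypot-2 web: GET /.env from 198.51.100.23",
    "2024-05-01T10:02:00Z honeypot-2 web: GET /.env from 198.51.100.23",
    "2024-05-01T10:03:00Z honeypot-1 sshd: Failed password for root from 10.0.0.5 port 4000",
    "2024-05-01T10:04:00Z honeypot-1 sshd: Failed password for root from 192.0.2.99 port 4100",
    "not a log line at all 999.1.1.1",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ISO_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\S+)")

# Ranges that must never end up in a firewall blocklist built from honeypot
# traffic: RFC 1918, loopback and link-local. Extend to your own public ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def extract_ips(line):
    """Return the syntactically valid, non-internal IPv4 addresses in one line."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if addr.is_multicast or addr.is_unspecified:
            continue
        if any(addr in net for net in INTERNAL_NETS):
            continue
        found.append(str(addr))
    return found


def aggregate(lines, min_hits=1):
    """Deduplicate addresses across events and keep a hit count and the
    first/last timestamp seen. min_hits lets you require repeated activity
    before an address is published, which cuts one-off false positives."""
    stats = {}
    for line in lines:
        m = ISO_TS_RE.match(line)
        ts = m.group(1) if m else ""
        for ip in extract_ips(line):
            entry = stats.setdefault(ip, {"hits": 0, "first_seen": ts, "last_seen": ts})
            entry["hits"] += 1
            entry["last_seen"] = ts
    return {ip: e for ip, e in stats.items() if e["hits"] >= min_hits}


def to_csv(stats):
    """Render the aggregate as CSV text, sorted numerically by address."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["ip", "hits", "first_seen", "last_seen"])
    for ip in sorted(stats, key=ipaddress.ip_address):
        e = stats[ip]
        writer.writerow([ip, e["hits"], e["first_seen"], e["last_seen"]])
    return buf.getvalue()


def blocklist(stats):
    """One address per line: the form most firewalls ingest from a URL."""
    return "".join(ip + "\n" for ip in sorted(stats, key=ipaddress.ip_address))


def receive_lines(host="127.0.0.1", port=5555, max_lines=None):
    """Accept one connection of newline-delimited text on a TCP socket and
    yield each line. Assumes the Graylog output sends plain text, one event
    per line; adapt the parsing if you use a structured (e.g. GELF) output."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn, conn.makefile("r", encoding="utf-8", errors="replace") as f:
            for n, line in enumerate(f):
                if max_lines is not None and n >= max_lines:
                    break
                yield line.rstrip("\n")


if __name__ == "__main__":
    # Offline demo over the constructed lines; swap in receive_lines(...) for live data.
    agg = aggregate(SAMPLE_LINES, min_hits=2)
    print(to_csv(agg))
    print(blocklist(agg), end="")
```

Write `blocklist(...)` to a file under your HTTP server's document root (or `to_csv(...)` for the CSV variant) on a timer, and have the firewall fetch it; the `min_hits` threshold and the internal-range filter are the two knobs worth tuning before anything is blocked automatically.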

That is interesting.

Yes, the information is coming into Graylog. And yes again, I am thinking of using the Output Socket to block dump those into a CSV or HTTP server.

Now the interesting stuff is using the Graylog API, and I need to explore this more.
