Modsecurity logs as an Input source

Dears,

I am new to graylog and i want to know is there a way to configure graylog with a WAF appliance and to get the modsecurity logs as an input , if that possible is there a plugin for that and what is the needed configuration

Regards,
Ahmad

Ingesting logs of mod_security shouldn’t be different from ingesting logs of any other application writing textual log files to disk.

You can use Filebeat or NXLOG for reading the log file(s) and sending the log messages to Graylog.

There are also ready-to-use Logstash configurations which you can deploy to your environment:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.