OSSEC with Graylog

(mudassir) #1

Hi Everybody,

I tried to configure OSSEC with Graylog and it's working, but the problem is Graylog can't process those logs.
The logs are unstructured and cannot be indexed.

Has anybody faced the same issue?

Kindly leave your valuable suggestions…

Thank you.

(Jochen) #2

What type of logs are you referring to?
Have you seen the CEF plugin in the Graylog Marketplace?

(mudassir) #3

I am using Graylog Beta 2.4 version, which is shipped with the CEF plugin by default. I checked the plugin directory also and the CEF plugin is there. I started an input in Graylog with CEF format and then entered the same port and Graylog IP in the OSSEC server. I can see the logs in Graylog but those are unstructured, and I can see failures about those messages in the Graylog metrics.

Thank you

(Jochen) #4

Maybe you could add some example messages to this GitHub issue so we can try to reproduce the problem:

