OSSEC with Graylog

mudassir · November 10, 2017, 6:20pm

Hi Everybody,

i tried to configure OSSEC with Graylog and its working but the problem is Graylog cannt process those logs.
logs are unstructured and cannot be indexed.

Anybody faces same issue?

Kindly leave your valuable suggestions…

Thank you.

jochen · November 11, 2017, 8:59am

What type of logs are you referring to?
Have you seen the CEF plugin in the Graylog Marketplace?

mudassir · November 11, 2017, 9:04am

i am using Graylog Beta 2.4 version which is being shipped with CEF plugin by default, i check the plugin directory also and CEF plugin is there. I started input in graylog with CEF format and then entered the same port and graylog IP in OSSEC Server. I can see the logs in graylog but those are unstructured and i can see in graylog metrics as failures about those messages.

Thank you

jochen · November 11, 2017, 3:04pm

Maybe you could add some example messages to this GitHub issue so we can try to reproduce the problem:

system · November 25, 2017, 3:04pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collect SentinelOne logs? Graylog Central (peer support)	3	662	November 2, 2022
List of log samples that might be helpful Graylog Central (peer support)	0	431	April 11, 2017
blogLog: Top Graylog Community Members Interview with @shoothub blogLog pipeline-rules	4	849	August 31, 2021
SIEM open source and Graylog Graylog Central (peer support)	2	540	April 9, 2020
There are no logs on graylog Graylog Central (peer support)	3	414	December 2, 2019

OSSEC with Graylog

Related Topics