Output logging to ELK - Githubissues

OWASP / Honeypot-Project

79 stars 27 forks source link

Output logging to ELK #4

Closed fzipi closed 5 years ago

fzipi commented 6 years ago

This is related to #2.

Develop a mechanism to convert from stored MySQL to JSON format.
Provide a mechanism to convert ModSecurity mlogc audit log output into JSON format.
Provide a mechanism to convert mlogc audit log output directly into ELK (ElasticSearch/Logstash/Kibana) to visualise the data.

fzipi commented 6 years ago

Fortunately, this can be easily achieved using


#configure audit logs to write JSON:
SecAuditLogFormat JSON
```.

See for example: https://www.cryptobells.com/mod_security-json-audit-logs-revisited/

fzipi commented 5 years ago

The PoC already pushes logs to ELK. Closing.