Open flori07 opened 10 years ago
Until this is implemented you can use logstash (https://www.elastic.co/products/logstash) with the sqlite input plugin. Just make sure that you patch dionaea with https://github.com/rep/dionaea/pull/10 in order to create the id column that logstash needs.
Then you can use the logstash syslog output to send to your Kiwi server.
Here's a working logstash 2.1.0 config file that sends to the local syslog facility. Instead of the pipe output you can use the syslog output to send to a remote syslog server.
```
input {
  sqlite {
    path => '/opt/dionaea/var/dionaea/logsql.sqlite'
    exclude_tables => [ "dcerpcbinds", "dcerpcrequests", "dcerpcserviceops", "dcerpcservices", "downloads", "emu_profiles", "emu_services", "emu_services_old", "logins", "mssql_commands", "mssql_fingerprints", "mysql_command_args", "mysql_command_ops", "mysql_commands", "offers", "p0fs", "resolves", "sip_addrs", "sip_commands", "sip_sdp_connectiondatas", "sip_sdp_medias", "sip_sdp_origins", "sip_vias", "virustotals", "virustotalscans" ]
  }
}
# logstash 2.1.0 and the sqlite plugin cause a serialization issue with the @db field; remove it until it's fixed
filter {
  mutate {
    remove_field => ['db']
  }
}
output {
  pipe {
    command => 'logger -i -t dionaea-sqlite'
  }
}
```
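As an added example (not code from this thread, dionaea or logstash), the same pipeline in plain Python: poll the sqlite file incrementally by the `id` column that the referenced patch adds, format each new row as an RFC 3164 syslog line, and ship it over UDP to a remote collector. The table schema, sample rows and the names `make_sample_db`, `poll_once` and `send_udp` are simplified assumptions, not dionaea's real schema.

```python
import socket
import sqlite3
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed, simplified stand-in for the "connections" table in dionaea's
# logsql.sqlite; the real table has more columns. The "id" column is what the
# logstash sqlite input keys on, which is why the patch referenced above adds it.
SCHEMA = """CREATE TABLE connections (
  id INTEGER PRIMARY KEY, connection_type TEXT, connection_transport TEXT,
  connection_protocol TEXT, connection_timestamp INTEGER, local_host TEXT,
  local_port INTEGER, remote_host TEXT, remote_port INTEGER)"""
SAMPLE_ROWS = [  # constructed sample data (documentation-range IPs)
    ("accept", "tcp", "smbd", 1449000000, "10.0.0.5", 445, "198.51.100.7", 50123),
    ("accept", "tcp", "httpd", 1449000060, "10.0.0.5", 80, "203.0.113.9", 40001),
]

def make_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO connections (connection_type, connection_transport,"
                     " connection_protocol, connection_timestamp, local_host, local_port,"
                     " remote_host, remote_port) VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def fetch_new_rows(conn, last_id):
    """Incremental read: only rows with id > last_id, oldest first."""
    cur = conn.execute("SELECT * FROM connections WHERE id > ? ORDER BY id", (last_id,))
    return [dict(r) for r in cur.fetchall()]

def to_syslog(row, sensor="honeypot", tag="dionaea-sqlite", facility=1, severity=6):
    """Format one row as an RFC 3164 line; PRI = facility*8 + severity (user.info = 14)."""
    t = time.gmtime(row["connection_timestamp"])
    stamp = "%s %2d %s" % (MONTHS[t.tm_mon - 1], t.tm_mday, time.strftime("%H:%M:%S", t))
    body = "id=%d type=%s transport=%s protocol=%s local=%s:%d remote=%s:%d" % (
        row["id"], row["connection_type"], row["connection_transport"],
        row["connection_protocol"], row["local_host"], row["local_port"],
        row["remote_host"], row["remote_port"])
    return "<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, sensor, tag, body)

def poll_once(conn, last_id, sensor="honeypot"):
    """One polling pass: returns (syslog lines, new last_id) so the caller can persist the cursor."""
    rows = fetch_new_rows(conn, last_id)
    return [to_syslog(r, sensor) for r in rows], (rows[-1]["id"] if rows else last_id)

def send_udp(lines, host, port=514):
    """Ship lines to a syslog collector over UDP (514 is the default syslog port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (host, port))
```

In a real deployment, open the on-disk logsql.sqlite read-only, persist the returned cursor between polls, and pass the lines to `send_udp` with the collector's address.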
Hey, is it possible to log data from dionaea to a Windows syslog server (Kiwi Syslog Server, for example)?