tagomoris / fluent-plugin-parser


Help with parser #9

Closed uxbod closed 10 years ago

uxbod commented 10 years ago

How would I go about writing the following out as JSON that could then be used with Kibana, please?

message Alert Level: 7; Rule: 510 - Host-based anomaly detection event (rootcheck).; Location: (testserver-01.local.net)192.168.1.103->rootcheck; Process '1141' hidden from kill (0) or getsid (1). Possible kernel-level rootkit.

uxbod commented 10 years ago

I have tried to switch OSSEC to write in JSON and the output looks like:

{"host":"testserver-01","ident":"ossec","message":"{ \"crit\": 8, \"id\": 5104, \"description\": \"Interface entered in promiscuous(sniffing) mode.\", \"component\": \"testserver-01->/var/log/messages\", \"classification\": \" syslog,linuxkernel,promisc,\", \"message\": \"Apr 23 09:28:39 testserver-01 kernel: device lo entered promiscuous mode\" }"}

How would I use the parser to extract those JSON fields, please?

tagomoris commented 10 years ago

To parse a JSON message, you should just specify format json and key_name with the field name of the JSON value, as in the README. Using Kibana is out of this plugin's scope; I don't know about it.
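The reply above says to use format json with key_name pointing at the field that holds the JSON. The Ruby script below is an added example, not code from fluent-plugin-parser, that emulates what that configuration does to one record so you can see which fields Kibana would end up with: the named field is parsed as JSON and its keys merged into the record. The records are constructed from the two messages quoted in this thread. The merge order (parsed keys written over the originals when reserve_data is on, so the inner "message" replaces the raw JSON string) and the pass-through of unparseable input are assumptions of this example; check the README for the plugin's actual reserve_data and error behaviour. The classification splitting at the end is an extra convenience for faceting, not something the plugin does.

```ruby
require 'json'

# Constructed sample records. The first is the OSSEC JSON output quoted in the
# thread (the "message" value is itself a JSON document); the second is the
# plain-text alert from the first post, which is not JSON at all.
JSON_RECORD = {
  "host"    => "testserver-01",
  "ident"   => "ossec",
  "message" => '{ "crit": 8, "id": 5104, "description": "Interface entered in promiscuous(sniffing) mode.", ' \
               '"component": "testserver-01->/var/log/messages", "classification": " syslog,linuxkernel,promisc,", ' \
               '"message": "Apr 23 09:28:39 testserver-01 kernel: device lo entered promiscuous mode" }'
}

TEXT_RECORD = {
  "host"    => "testserver-01",
  "ident"   => "ossec",
  "message" => "Alert Level: 7; Rule: 510 - Host-based anomaly detection event (rootcheck).; " \
               "Location: (testserver-01.local.net)192.168.1.103->rootcheck; " \
               "Process '1141' hidden from kill (0) or getsid (1). Possible kernel-level rootkit."
}

# Emulates `format json` with `key_name message` for one record: the named
# field is parsed as JSON and its keys are merged into the record.
# reserve_data mirrors the plugin option of the same name (assumed semantics):
# true keeps the original fields and merges the parsed keys over them, so the
# inner "message" replaces the outer raw JSON string; false keeps only the
# parsed keys. Input that is not a JSON object is passed through unchanged
# (an assumption of this example, not the plugin's documented behaviour).
def parse_json_field(record, key_name: "message", reserve_data: true)
  raw = record[key_name]
  return record unless raw.is_a?(String)
  parsed = JSON.parse(raw)
  return record unless parsed.is_a?(Hash)
  reserve_data ? record.merge(parsed) : parsed
rescue JSON::ParserError
  # Not JSON (e.g. the plain-text rootcheck alert): keep the record as it was
  # rather than silently losing the event on its way to Kibana.
  record
end

# Optional clean-up for faceting: OSSEC's "classification" arrives as
# " syslog,linuxkernel,promisc," (leading space, trailing comma). Splitting it
# into an array of tags makes each group searchable on its own.
def split_classification(record, key: "classification")
  value = record[key]
  return record unless value.is_a?(String)
  tags = value.split(",").map(&:strip).reject(&:empty?)
  record.merge(key => tags)
end

if __FILE__ == $0
  puts JSON.pretty_generate(split_classification(parse_json_field(JSON_RECORD)))
  puts JSON.pretty_generate(parse_json_field(TEXT_RECORD))
end
```

After parsing, "crit", "id", "description", "component" and "classification" are top-level fields, and "message" now holds the kernel log line rather than the raw JSON; if you still need the original string, keep reserve_data on and copy it to another key before the parser runs.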