How are you shipping these?
I've been using the standalone Wazuh server and it was pretty easy to write decoders for that but SO has me stuck. I've got a firewall log that is sent in JSON format that I would like to ingest into SO. This is a sample of a log entry that I'm trying to get:
Feb 8 09:07:50 INFO uvm[0]: {"reason":"BLOCK_CATEGORY","appName":"web_filter","requestLine":"GET http://bovada.lv/","sessionEvent":{"entitled":true,"protocol":6,"hostname":"DESKTOP-A01","CServerPort":80,"protocolName":"TCP","serverLatitude":37.751,"localAddr":"192.168.1.23","SServerAddr":"157.185.165.41","remoteAddr":"157.185.165.41","serverIntf":1,"CClientAddr":"192.168.1.23","serverCountry":"US","sessionId":105664232507787,"SClientAddr":"192.168.1.23","clientCountry":"XL","CClientPort":12582,"policyRuleId":1,"timeStamp":"2021-02-08 09:07:08.505","serverLongitude":-97.822,"clientIntf":2,"policyId":2,"SClientPort":12582,"bypassed":false,"SServerPort":80,"CServerAddr":"157.185.165.41","username":"user","tagsString":""},"timeStamp":"2021-02-08 09:07:50.509","flagged":true,"blocked":true,"category":"Gambling","ruleId":27,"class":"class com.untangle.app.web_filter.WebFilterEvent","categoryId":27}
Any help getting me going in the right direction is appreciated!
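An added example, not part of the original post and not Security Onion or Wazuh code: a small parser for the log layout shown in the question, splitting the syslog-style prefix from the JSON body and flattening nested objects into dotted field names, which is the field set a decoder or ingest pipeline would need to produce. The prefix layout is inferred from the one sample line, and the names `syslog_time`, `level`, `program` and `pid` are assumptions chosen for illustration.

```python
import json
import re

# Syslog-style prefix as seen in the sample: "Feb 8 09:07:50 INFO uvm[0]: {json}"
# Group names (syslog_time, level, program, pid) are illustrative assumptions.
PREFIX = re.compile(
    r"^(?P<syslog_time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<level>[A-Z]+)\s+(?P<program>[\w.-]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<payload>\{.*\})\s*$"
)

def flatten(obj, parent=""):
    """Turn nested JSON objects into dotted keys, e.g. sessionEvent.hostname."""
    out = {}
    for key, value in obj.items():
        name = f"{parent}.{key}" if parent else key
        if isinstance(value, dict):
            out.update(flatten(value, name))
        else:
            out[name] = value
    return out

def parse_line(line):
    """Return a flat dict of fields, or None when the line is not prefix + JSON."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    try:
        body = json.loads(m.group("payload"))
    except json.JSONDecodeError:
        return None  # prefix matched but the body is truncated or malformed
    event = {k: m.group(k) for k in ("syslog_time", "level", "program")}
    event["pid"] = int(m.group("pid"))
    event.update(flatten(body))
    return event

# Constructed sample: the post's log entry with most sessionEvent fields trimmed.
SAMPLE = (
    'Feb 8 09:07:50 INFO uvm[0]: {"reason":"BLOCK_CATEGORY","appName":"web_filter",'
    '"requestLine":"GET http://bovada.lv/","sessionEvent":{"hostname":"DESKTOP-A01",'
    '"CClientAddr":"192.168.1.23","SServerAddr":"157.185.165.41","SServerPort":80},'
    '"blocked":true,"category":"Gambling","ruleId":27}'
)

if __name__ == "__main__":
    for field, value in parse_line(SAMPLE).items():
        print(f"{field} = {value}")
```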