
Implement log shipping to Graylog via GELF (#809)

Open bnazare opened this issue 1 year ago • 1 comments

Proposed changes

  • Shipping of logs to Graylog via GELF

Related issues

There are no related issues but this subject has been previously discussed with Linkare within the scope of the OpenCTI implementation for the Centre for Cybersecurity Belgium (https://ccb.belgium.be/).

Checklist

  • [x] I consider the submitted work as finished
  • [x] I tested the code for its functionality
  • [ ] I wrote test cases for the relevant use cases
  • [x] I added/updated the relevant documentation (either on github or on notion)
  • [ ] Where necessary I refactored code to improve the overall quality

Further comments

We enabled the new functionality in the configuration of some of the existing test cases. However, there are currently no new assertions being made as that would require the set-up of an entire Graylog infrastructure during tests, which is a much more involved task. Effectively, this means that the new code is being exercised but all log shipping is being shipped to a closed port and any network errors are silently ignored.

Nov 11 '24 18:11 bnazare

This PR is a counterpart to OpenCTI-Platform/opencti#8410.

Nov 11 '24 20:11 bnazare

Conflicts will need to be resolved before being able to merge this PR

Apr 11 '25 09:04 JeremyCloarec

Please be aware that we have added a "stalled" label on this PR since there has been no movement for a while. Without any further update in the coming month(s), we'll close this PR.

Thanks for your contribution.

Aug 29 '25 08:08 nino-filigran

Hello @bnazare,

We hope you're doing well! We noticed your pull request has been inactive for a while, and we wanted to check in to see if you need any assistance or have any questions.

We really value your contribution and would love to help you get it merged. If you're still interested in moving forward with this PR, please let us know if there's anything blocking you.

Timeline reminder: If we don't hear from you within 30 days, we'll mark this PR as stalled. Stalled PRs are automatically closed after an additional 30 days of inactivity. Don't worry though, you can always reopen it later if needed!

Please feel free to respond whenever you have time. We understand that life gets busy, and there's no pressure.

Thank you again for taking the time to contribute to our project. Your efforts help make our community better!

Kind regards,

Alice

Sep 26 '25 09:09 alice-debra