dsvetlov
I investigated a similar problem with the JOIN operator for searches. It raises the same exception. My journey led me to the problem that ttl was a possible parameter a few years ago when...
So finally I found a solution to my problem. You can find my PR here: https://github.com/kiwiz/esquery/pull/2 You need to rebuild your container with this updated ESQuery lib.
Below you can find my repo with fixed docker and composer files. https://github.com/dsvetlov/411
@rhadw, did you try to install it with ES7? What exactly doesn't work?
@rhadw, we made a PR to fix these issues. Until it is merged you can use the 411 fork in @golaso's repository or in mine. https://github.com/golaso/411 https://github.com/dsvetlov/411
> I sometimes see issues with syslog message size errors

Yes, I have the same error sometimes. It's because syslog was originally designed only for UDP and was limited to...
@craiglawson, OSSEC alerts via lumberjack have already been implemented. And it works very nicely. You can try it.
This thread contains some configuration examples for JSON input. https://groups.google.com/forum/#!searchin/ossec-list/json/ossec-list/I5CytZEjV_E/eHf8UJ40T40J
Hi, Craig! I'm endeavoring to use the IDMEF format for alert formatting. It has an RFC and is very comprehensive. The IDMEF format assumes that analyzers can be chained. And OSSEC assumes that too....
@craiglawson, I think we can add a config for Logstash. This config will make custom transforms for users. That way all configs will be consistent with the master branch, but end...