
Standardize RedELK scripts logging

Open fastlorenzo opened this issue 4 years ago • 3 comments

The logging of the different internal scripts (enrich, alarm, etc.) should be standardized and ingested back into ES.

The main idea is to have a view on the status of RedELK itself (e.g. making a dashboard and adding alerting in case of issues).

fastlorenzo avatar Sep 27 '20 19:09 fastlorenzo

addressed in #66 #67 #68 #69 #72

fastlorenzo avatar Nov 01 '20 12:11 fastlorenzo

Currently, only the last run's log is being put in ES. We should see if the full log of the daemon script can be sent to ES. Should be feasible with a logging formatter in Python.

fastlorenzo avatar Apr 05 '21 10:04 fastlorenzo

Revised approach: store the outcome of each module in ES (to have history).

fastlorenzo avatar Feb 17 '23 10:02 fastlorenzo
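One way to realise the two ideas discussed in this thread (a Python logging formatter that turns the daemon's log into ES-ready JSON documents, and a per-module outcome record so each run leaves history in ES). This is an added example, not RedELK's own code: the class and function names, the JSON field names, and the in-memory handler that stands in for a bulk push to ES are assumptions.

```python
import json
import logging
import time
from datetime import datetime, timezone

class ESJsonFormatter(logging.Formatter):
    """Render each log record as one JSON document that Logstash/ES can ingest as-is."""
    def format(self, record):
        doc = {
            "@timestamp": datetime.fromtimestamp(record.created, tz=timezone.utc).isoformat(),
            "script": record.name,  # logger name identifies the RedELK script, e.g. redelk.enrich
            "level": record.levelname,
            "message": record.getMessage(),
        }
        if record.exc_info:  # keep the traceback so failures are searchable in ES
            doc["error"] = self.formatException(record.exc_info)
        # outcome fields passed through extra={...} become top-level keys for dashboards/alerting
        doc.update({k: getattr(record, k) for k in ("status", "hits", "duration_s") if hasattr(record, k)})
        return json.dumps(doc)

class DocBufferHandler(logging.Handler):
    """Collects documents in memory; a deployment would bulk-index them into ES instead."""
    def __init__(self, formatter):
        super().__init__()
        self.setFormatter(formatter)
        self.docs = []

    def emit(self, record):
        self.docs.append(json.loads(self.format(record)))

def run_module(logger, func):
    """Run one module and log its outcome, so every run leaves a status record in ES."""
    start = time.monotonic()
    try:
        hits = func()
    except Exception:  # logged inside the except block so the traceback is attached
        logger.exception("module failed", extra={"status": "error", "duration_s": round(time.monotonic() - start, 3)})
        return "error"
    logger.info("module finished", extra={"status": "ok", "hits": hits, "duration_s": round(time.monotonic() - start, 3)})
    return "ok"

def demo():
    """Constructed sample run: a hypothetical enrich module succeeds, an alarm module raises."""
    handler = DocBufferHandler(ESJsonFormatter())
    logging.basicConfig(level=logging.INFO, handlers=[handler], force=True)
    run_module(logging.getLogger("redelk.enrich"), lambda: 3)
    run_module(logging.getLogger("redelk.alarm"), lambda: 1 / 0)
    return handler.docs
```

Each document carries the script name, level, status and duration as separate fields, which is what a "RedELK health" dashboard or an alert on `status: error` needs; the `error` field keeps the full traceback for the failed run.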