sof-elk
Configuration files for the SOF-ELK VM
Hello Phil, I've been testing your distribution and love it so far. I have successfully been able to use the SOFELK parser in gkape but I was wondering if it...
Elasticsearch seems to do this automatically now. Validate and remove if so.
See https://github.com/HASecuritySolutions/Logstash/tree/master/configfiles-OPTIONAL from @SMAPPER for root idea
Great idea from @pierre450 - need to review FOR509 documents to get their recommended methods of acquiring, exporting, and/or restructuring cloud logs for each type. Could also tie this into...
The Azure logstash parser in the public release is processing a lot fewer entries than the older version, which we are still using in the FOR509 class version. Something has changed,...
Hi there, what if we format the Python scripts using [Black](https://github.com/psf/black)? I know this is opinionated, but somehow IMHO having a standardized code style will make the code more readable...
https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html
Especially for syslog, it seems that vastly different parsing is being applied to filebeat-shipped sources than to syslog alone. Need to dig in and see what the "supported" configuration...