viszsec
I have the same issue as yours. The MIME is perhaps working fine; it's just that TheHive is unable to parse it. May need to do some tweaking.
Hi Attila, thank you for the quick response. As we know, this deployment would be connected to Elastic Cloud. I could not find the exact configuration syntax for cloud.auth and...
Hi Attila, I followed exactly what was instructed, but got an error when restarting. I am using syslog-ng core version 3.25. Is it compatible with what you suggested? The...
Attila, this time around I installed CentOS with syslog-ng version 3.34 and got an error. Journalctl readings:

> Oct 08 12:29:42 localhost.localdomain systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE Oct 08...
Also, do you think that for HTTPS we need to follow the instructions written here (Search-Guard)? https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.30/administration-guide/33
The conf I made is shown below:

```
@version: 3.34
@include "scl.conf"
options { use-uniqid(yes); };
source s_network { network( port(514) flags(no-parse) ); };
parser p_cisco { cisco-parser(); };
destination d_elastic...
```
> Hi @viszsec
>
> The config looks good with one change: `@Version` should be `@version` with a small `v`. The documentation you have linked is about our Java implementation...
Also, I found that syslog-ng.conf is not being executed after changes are made. Anything to reload or something? If reloaded, this came out:

```
[syslog-ng@localhost syslog-ng]$ sudo syslog-ng-ctl reload
Error connecting...
```
> flags(no-parse) is a driver-specific option, whereas you have it in your source statement. I did not follow this thread, I just thought I'd mention it. It works with...
If I'm not mistaken, there's no way we can delete the org.