how to use from kafka msg? #3
Comments
I fail to grasp what you'd like to do. Please elaborate.
I have written the data of audit.log to Kafka. How do I convert audit.log data from Kafka to Laurel JSON?
There are two things to consider here
While I don't think that it makes a lot of sense to pipe your data from Kafka into Laurel, I think that centralized post-processing is an interesting use-case.
I have collected all the audit.log on the IDC machine of our company through Filebeat to Kafka and analyzed all the audit.log using ELK. However, since the original audit.log was not intuitive and friendly, the data formatted through Laurel looked friendly and convenient for log analysis.
Have any idea or plan?
I don't think that's the use case for LAUREL. It's used to generate a SIEM-friendlier version of auditd.logs. You can collect those logs itself with filebeat I think. Or otherwise, use auditbeats if you're using ELK already? Just to clarify, LAUREL is not an "input auditd.logs and output SIEM-friendly logs"-tool.
consume kafka msg, not audit.log file.