SOCTools monitors itself which means that there is already support for receiving and parsing the following data:
SOCTools monitors itself which means that there is already support for receiving and parsing the data from the following systems:
* Misp
* Haproxy
* Kibana
...
...
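Review bot: "Misp" in the system list should be written "MISP" (the project name is an acronym), and for consistency "Haproxy" would be "HAProxy"; the rewritten sentence reads fine, but since the list directly follows it this is a good moment to align the capitalisation of the product names in the same hunk.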
@@ -14,7 +14,7 @@ In addtion there is also support for:
* Suricata EVE logs
* Zeek logs
Additional logs can be sent to the SOCTools server on port 6000 using Filebeat. The typical configuration is:
Additional logs of this type can be sent to the SOCTools server on port 6000 using Filebeat. The typical configuration is:
```
filebeat.inputs:
...
...
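Review bot: the new phrase "Additional logs of this type" is ambiguous because "this type" has no clear antecedent (the preceding list names Suricata EVE and Zeek logs, but the Filebeat instructions appear to apply to any supported log_type); suggest "Logs from the systems listed above can be sent ..." or similar. While editing this paragraph, also fix the typo "addtion" visible in the hunk's heading line ("In addition there is also support for:"), and consider stating whether the port 6000 Logstash input expects TLS, since the shown output.logstash snippet does not mention it.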
@@ -30,7 +30,7 @@ output.logstash:
loadbalance: true
```
The extra filed log_type tells Nifi how it should route the data to the correct parser. The following values are currently supported:
The extra field log_type tells Nifi how it should route the data to the correct parser. The following values are currently supported:
* elasticsearch
* haproxy
* keycloak
...
...
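Review bot: the typo fix ("filed" to "field") is correct, but the paragraph still does not say how NiFi treats a record whose log_type is missing or not in the supported list; a sentence such as "Records without a recognised log_type are routed to ... / dropped" would save operators from silently losing logs, and it is worth stating that the value is matched exactly, given that the list is all lowercase.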
@@ -68,4 +68,4 @@ Assume you have the following log data:
}
```
You want to enrich the client IP so you set the attribute enrich_ip1 to the value "/client/ip". To see more example and to see how logs are parsed, take a look at the process group "Data processing"->"Data input"->"SOCTools" in the NiFi GUI.
You want to enrich the client IP so you set the attribute enrich_ip1 to the value "/client/ip". To see more examples and to see how logs are parsed, take a look at the process group "Data processing"->"Data input"->"SOCTools" in the NiFi GUI.
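Review bot: the attribute name enrich_ip1 and the value "/client/ip" suggest a numbered series of attributes and a path syntax, but neither is explained here; suggest stating which path syntax the value uses (it looks like a NiFi RecordPath into the JSON shown above) and whether enrich_ip2, enrich_ip3, ... are supported for records with several IP fields, so readers do not have to reverse-engineer this from the "Data processing"->"Data input"->"SOCTools" process group.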