Azkabahn Posted November 20, 2017

Hi, I would like to start this thread to get some insights if any of the other customers are using an external syslog server to ship the logs from PasswordState. I am using the ELK stack. Currently I am trying to create custom filters in Kibana to filter out the logs from PasswordState. I have a question: does PasswordState always include the "Passwordstate" value in the logs that are being sent to the syslog server?

host:X.X.X.X
@timestamp:September 12th 2017, 17:17:29.728
@version:1
message:<110>2017-09-12 16:15:52 X.X.X.X Passwordstate: Failed 'Forms Based' login attempt for UserID 'n.lastname' from the IP Address 'X.X.X.X'. Client IP Address = X.X.X.X
_id:AV_aAXYurEipAt82YaPZ
_type:logs
_index:%{type}-2017.11.20
_score: -

Feature Request - it would be great to have support for TCP ports

Azkabahn (Author) Posted November 21, 2017

Another great feature would be to get such logs in JSON format

Azkabahn (Author) Posted December 5, 2017

ping

Buckit Posted September 6, 2018

I'm currently fighting the syslog feed myself, putting it into Graylog (like @Sarge). In our case, I'm running into the issue that the default syslog parser reads the timestamp as the source name, leading to a large amount of different sources (instead of the single Passwordstate), with thousands of messages all appearing at 01:14:34 (for example).

support Posted September 6, 2018

Hi Guys,

In the latest build, we've provided the option where you can specify your own date/time format for Syslog messages - go to the screen Administration -> System Settings -> Proxy & Syslog Servers, and you will see it.

Regards
Click Studios

Sarge Posted September 7, 2018

12 hours ago, Buckit said:
    I'm currently fighting the syslog feed myself, putting it into Graylog (like @Sarge).

I got your PM last night, I'll check our Graylog and see if I'm seeing the same thing. We stopped looking into the implementation of Graylog at the moment due to other ongoing projects; so it hasn't been visited this year.

Buckit Posted September 7, 2018

@Sarge: Oof, that's a shame. Sorry to hear that! I'm currently running a PoC to try out a few logging platforms, and am definitely looking to push one through in the next two months.

7 hours ago, support said:
    In the latest build, we've provided the option where you can specify your own date/time format for Syslog messages - go to the screen Administration -> System Settings -> Proxy & Syslog Servers, and you will see it.

Ahh that's cool! For now I'm on a release from two months ago though, but I'm looking forward to the new features!

support Posted September 7, 2018

Hi Guys,

We had the following overnight from another customer who is now successfully using Graylog:

"However, there was no question. I find in Internet specification of toString function and parameter format. Timezone is zzz. I set Date Formatting to yyyy-MM-ddTHH:mm:sszzz and output is correct. Thank you for solving the problem."

Regards
Click Studios
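
As an added example (not part of any post in this thread and not Click Studios code), here is a Python parser for the message layout shown in the opening post; it also accepts a timestamp in the yyyy-MM-ddTHH:mm:sszzz format from the last reply. The sample lines, the documentation-range addresses, the +02:00 offset and the output field names are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample input. EVENT copies the message text from the opening post,
# with documentation-range addresses in place of the masked X.X.X.X values.
EVENT = ("Passwordstate: Failed 'Forms Based' login attempt for UserID "
         "'n.lastname' from the IP Address '198.51.100.7'. "
         "Client IP Address = 198.51.100.7")
SAMPLES = [
    "<110>2017-09-12 16:15:52 192.0.2.10 " + EVENT,        # layout in post 1
    "<110>2018-09-07T09:15:52+02:00 192.0.2.10 " + EVENT,  # assumed zzz output
    "<110>Sep 12 16:15:52 192.0.2.10 " + EVENT,            # not handled here
]

# <PRI>, then a numeric timestamp (space or T separator, optional UTC offset),
# then host, application tag and free-text message.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\d{4}-\d\d-\d\d[ T]\d\d:\d\d:\d\d(?:[+-]\d\d:\d\d)?) "
    r"(?P<host>\S+) (?P<app>[^\s:]+): (?P<msg>.*)$")
FAILED_LOGIN = re.compile(
    r"Failed '(?P<method>[^']+)' login attempt for UserID '(?P<user>[^']*)' "
    r"from the IP Address '(?P<src_ip>[^']+)'")


def parse_line(line):
    """Return a dict of fields, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    ts = datetime.fromisoformat(m["ts"])   # accepts both numeric layouts above
    rec = {"facility": facility, "severity": severity, "timestamp": ts,
           "has_offset": ts.tzinfo is not None, "host": m["host"],
           "app": m["app"], "message": m["msg"], "event": "other"}
    login = FAILED_LOGIN.search(m["msg"])
    if login:
        # Adds method, user and src_ip for alerting on failed logins.
        rec.update(event="failed_login", **login.groupdict())
    return rec


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

A record with `has_offset` set to False carries no time zone, so the collector has to be told which zone the Passwordstate server uses before events are correlated with other sources.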
Archived
This topic is now archived and is closed to further replies.