Changes for version 0.006

  • Change: b1231e5a3f970d07f07ec4e00cc4746634293c09 Author: Brad Lhotsky <brad@divisionbyzero.net> Date : 2017-12-04 01:18:50 +0000
    • Release 0.006 with the indexers fixed and the iptables context.
  • Change: a121f4f64caa7b60bbbe9da6b422fb7e33991799 Author: Brad Lhotsky <brad@divisionbyzero.net> Date : 2017-12-04 01:14:28 +0000
    • Fix the eris-es-indexer.pl
    • The config was pointing to the wrong depth in the hash. Ensure when the config is passed from the commandline, eris::schemas are instantiated correctly. Fix the mapping for the geo_point field in the geoip mapping.
    • Add the eris::log::context::iptables to parse iptables logs into the indexes.

Documentation

Utility for testing the logging contextualizer
Simple wrapper to spawn workers for handling syslog stream
Sample implementation using the eris toolkit to index data to elasticsearch
Utility for testing the logging contextualizer
Simple wrapper to spawn workers for handling syslog stream

Modules

Eris is the Greek Goddess of Chaos
Field dictionary loader
Contains fields in the Common Event Expression syntax
Contains fields eris adds to events
Debugging data in the event
Contains fields extracted from syslog messages
Structured log or event object implementation
Apply MaxMind GeoIPv2 Data to events
Inspects URL's for common attack patterns
Parse crond messages to structured data
Parses dhcpd messages into structured data.
Parses iptables messages into structured data.
Parse the pfsense filterlog
Parses postfix messages into structured data
Parses the Snort and Suricata alert logs
Parse sshd logs into structured data
Add static keys/values to every message
Parses the sudo key=value pairs into structured documents
Parse the yum syslog output into structured data
Discovery and access for context objects
Primary interface to the eris log parsing library
Decodes any detected JSON in a log line from then opening curly brace
Parse the syslog headers using Parse::Syslog::Line
Discovery and access for decoders
Role for implementing a log context
Role for implementing decoders
Interface for implementing a dictionary object
Simple dictionary implementation based off a hash
Implements the plumbing for an object to support plugins
Common interface for implementing an eris plugin
Role for implementing a schema
Schema for the syslog data
Discovery and access for schemas

Examples