Changes for version 0.008
- Change: e7f412e96ee3200c846a633bf0a004491b327993 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-20 06:40:35 +0000
- Fix the data types of a few elements
- Change: 966698d60a7eebb562777530975cc8c816186314 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-20 06:34:32 +0000
- Don't track log files in git
- Change: 67f1ed5cb9f21dc7cab7188e0d3b2db92ab03301 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-19 06:50:40 +0000
- Fix message field in the syslog dictionary
- Change: c8c1462d45cdac2c9034e848e37e81e9e42b0473 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-19 06:46:49 +0000
- Parse::Syslog::Line fixed postfix style tag parsing
- Change: abcc4c9e30f6222baea651cc2e889d4ee690289c Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-19 06:42:15 +0000
- Adding capacity to specify meta-data with fields
- This data will be used to construct an ElasticSearch mapping for the indices.
- Change: 4c5b61f91baaa5621b393f214a01ce8461f93530 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-19 05:42:45 +0000
- Packaging fixes to make a Docker thing possible
- Change: a567725859f3f2413540f21bd1fc675fe0dc770e Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-06-19 05:42:45 +0000
- Version release preparation
- Change: c6615f11d9e8205e9bf5a1ff8a10221c2e2feda3 Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2019-05-20 17:16:23 +0000
- Fix missing POE parameter offsets
- Change: e265aa5dd1f4c82f7d64efb8c5bd74e0341a039b Author: Brad Lhotsky <brad@divisionbyzero.net> Date: 2018-09-11 09:29:44 +0000
- Fix typo in error message
Documentation
Utility for testing the logging contextualizer
Simple wrapper to spawn workers for handling syslog stream
Sample implementation using the eris toolkit to index data to elasticsearch
Modules
Eris is the Greek Goddess of Chaos
Field dictionary loader
Contains fields in the Common Event Expression syntax
Contains fields eris adds to events
Debugging data in the event
Contains fields extracted from syslog messages
Structured log or event object implementation
Apply MaxMind GeoIP Data to events
Inspects URLs for common attack patterns
Parse crond messages to structured data
Parses dhcpd messages into structured data
Parses iptables messages into structured data
Parse the pfSense filterlog
Parses postfix messages into structured data
Parses the Snort and Suricata alert logs
Parse sshd logs into structured data
Add static keys/values to every message
Parses the sudo key=value pairs into structured documents
Parse the yum syslog output into structured data
Discovery and access for context objects
Primary interface to the eris log parsing library
Decodes any detected JSON in a log line from the opening curly brace
Parse the syslog headers using Parse::Syslog::Line
Discovery and access for decoders
Role for implementing a log context
Role for implementing decoders
Interface for implementing a dictionary object
Simple dictionary implementation based off a hash
Implements the plumbing for an object to support plugins
Common interface for implementing an eris plugin
Role for implementing a schema
Schema for the syslog data
Discovery and access for schemas