Processing ModSecurity audit logs with Fluentd

I recently had a need to take tons of raw ModSecurity audit logs and make use of them. I first used Logstash and then attempted it with Apache Flume (see previous articles). Next in line was Fluentd, which is what this article is about; long story short, I ended up having to write a Fluentd output plugin to take the output …

Deserializing Modsecurity Audit logs with Apache Flume

This post will be updated in the coming days/weeks; however, when looking at using Apache Flume to ingest some ModSecurity audit logs, it quickly became apparent that Flume's SpoolingDirectorySource lacked the ability to de-serialize "events" from a file that spanned many "new lines" (\n). Lacking this support, and seeing that an outstanding ticket already existed …
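To make the multi-line problem concrete, here is an added example (not code from either post, from the Flume ticket, or from the Fluentd plugin mentioned above): a small Ruby reader that regroups ModSecurity serial-format audit log lines into events using the `--<boundary>-A--` through `--<boundary>-Z--` part markers, and flags an event whose Z marker has not arrived yet as incomplete instead of merging it into the next request. Ruby is used because Fluentd plugins are written in it. The log lines are constructed sample data, and the rule id and message in part H are made up for the sample.

```ruby
# Group ModSecurity "serial" audit log lines back into events.  One event
# spans many lines, delimited by part markers "--<boundary>-A--" (start)
# through "--<boundary>-Z--" (end); the letters in between are the audit
# log parts (B = request headers, C = request body, F = response headers,
# H = audit trailer).  Added example, not the Fluentd plugin from the post.

MARKER = /\A--([0-9A-Za-z]+)-([A-Z])--\s*\z/

# Constructed sample: two complete events followed by a third that has no
# Z marker yet, as a tail reader would see while the server is still writing.
SAMPLE_LOG = <<~'LOG'
  --a1b2c3d4-A--
  [10/Mar/2024:12:00:01 +0000] Za7Xk8AAAEAAH@tQXbQAAAAB 203.0.113.5 51234 198.51.100.7 80
  --a1b2c3d4-B--
  GET /index.php?id=1%27%20OR%201=1 HTTP/1.1
  Host: www.example.test
  User-Agent: curl/8.0

  --a1b2c3d4-F--
  HTTP/1.1 403 Forbidden
  Content-Length: 0

  --a1b2c3d4-H--
  Message: Access denied with code 403 (phase 2). [id "12345"] [msg "constructed sample rule"]
  Engine-Mode: "ENABLED"

  --a1b2c3d4-Z--

  --e5f6a7b8-A--
  [10/Mar/2024:12:00:02 +0000] Za7Xk9AAAEAAH@tQXbQAAAAC 203.0.113.9 51235 198.51.100.7 80
  --e5f6a7b8-B--
  GET /robots.txt HTTP/1.1
  Host: www.example.test

  --e5f6a7b8-Z--

  --c9d0e1f2-A--
  [10/Mar/2024:12:00:03 +0000] Za7XlAAAAEAAH@tQXbQAAAAD 203.0.113.11 51236 198.51.100.7 80
  --c9d0e1f2-B--
  POST /login HTTP/1.1
LOG

# Returns an Array of events, each { boundary:, parts: {"A" => "...", ...}, complete: }.
def parse_modsec_audit(text)
  events  = []
  current = nil   # event being assembled, or nil between events
  part    = nil   # letter of the part currently being filled

  text.each_line do |raw|
    line = raw.chomp

    if (m = MARKER.match(line))
      boundary, letter = m[1], m[2]

      if letter == "A"
        # A new start marker while an event is still open means the previous
        # event never reached Z (truncated or still being written): emit it
        # flagged incomplete rather than merging two requests into one.
        events << current if current
        current = { boundary: boundary, parts: {}, complete: false }
      elsif current.nil? || current[:boundary] != boundary
        part = nil  # stray marker for an event whose start we never saw
        next
      elsif letter == "Z"
        current[:complete] = true
        events << current
        current = nil
      end

      part = letter
      current[:parts][letter] = +"" if current && letter != "Z"
      next
    end

    # Any non-marker line is body text of the part currently open.
    current[:parts][part] << line << "\n" if current && part
  end

  events << current if current   # trailing event with no Z marker
  events.each { |e| e[:parts].transform_values!(&:strip) }
  events
end

# Pull the fields a detection pipeline usually wants out of one event.
def summarize(event)
  request_line = (event[:parts]["B"] || "").lines.first.to_s.strip
  status       = (event[:parts]["F"] || "")[%r{\AHTTP/\d\.\d (\d{3})}, 1]
  rule_ids     = (event[:parts]["H"] || "").scan(/\[id "(\d+)"\]/).flatten
  { boundary: event[:boundary], complete: event[:complete],
    request: request_line, status: status, rule_ids: rule_ids }
end

if __FILE__ == $PROGRAM_NAME
  parse_modsec_audit(SAMPLE_LOG).each { |e| p summarize(e) }
end
```

The `complete` flag is the point: a line-oriented source that splits on `\n` would emit each of these lines as its own event, while a naive multi-line grouping that only keys on the A marker would glue a half-written request onto the one that follows. Keeping the incomplete event separate lets the reader hold it back and resume when the Z marker arrives.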