This blog post is going to cover how to ingest OSquery logs with Rsyslog v8. Most setups I have come across have Rsyslog ingesting the logs from disk, but this setup will ingest logs via the system journal. OSquery supports writing logs to disk and to the system journal. This post also contains a setup via Ansible and a manual walkthrough. Lastly, explanations of Rsyslog and OSquery configs.
HoldMyBeer
Cause every great story starts with "Hold my beer"
Category Archives: Logging
Install/Setup Graylog 3 on Ubuntu 18.04 – Zeeks logs + threat intel pipeline
Graylog has released version 3 with new features and major changes. This blog post will explain how to setup up Graylog version 3 on an Ubuntu server. Once Graylog is running, we will explore setting up logging clients, logging inputs, data extractors, threat intel pipelines, Slack alerts, dashboards and more.