Re: Logstash Grok patterns

munroe · ‎02-09-2023

Any other people using the ELK stack for their network logging infrastructure happen to have a decently complete grok pattern file for Cisco network equipment? As a bonus, does anyone have a set of patterns that support ECS (Elastic Common Schema)?

balaji.bandi · ‎02-09-2023

Not really you get in hand, depends on logs you build grok patterns.

you can find some example here :

https://github.com/mrjohnson1024/graylog-extractors/blob/master/exported-FirePOWER-extractors.json

i spent good time to undertand the grok, but after long struggle i could able to get from dfferent logs to stream line,. but that is custom requirement.

i was used that it works as expected in graylog.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

munroe · ‎02-09-2023

Right, I understand. However, everyone is probably duplicating effort writing their own rules. Also, if someone who is intimately familiar with Cisco logging (someone who works at Cisco perhaps) spent a little time building a complete grok file, it would reduce everyone's toil and probably result in a better overall experience.

Our "grok as your need it" method is fine, but hardly efficient or complete.

balaji.bandi · ‎02-10-2023

Agreed - if you go any commercial one Like splunk or any other tools you do not need to do anything (but what cost very important)

as cost effective most people to look for opensource where they can to save lot money (but different requirement)

I am sure cisco do have some products to analyse logs and give you alerts based on that logs.

its all how you want to invest time and money. you can add wish list, or you can contribute to community if you like to (welcome).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help