This repository has been archived by the owner. It is now read-only.
Very simple and primitive Python script that sends ModSecurity JSON Audit Logs to Elasticsearch
LICENSE
README.md
modsec_parser.py

ModSecurity JSON to Elasticsearch

Please read the following post before using it: https://medium.com/@themiddleblue/modsecurity-elasticsearch-kibana-40e4f8191e35

Usage:

python modsec_parser.py -d <auditlog directory>

Example:

$ python modsec_parser.py -d /usr/local/nginx/logs/modsecurity/www.example.com
Parsed /usr/local/nginx/logs/modsecurity/www.example.com/20171114/20171114-1714/20171114-171410-151067605036.512983
Sleeping for a while...

Or run it in the background:

$ python modsec_parser.py -d /usr/local/nginx/logs/modsecurity/www.example.com > /dev/null 2>&1 &
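The steps a shipper of this kind performs on the directory layout shown in the example output, as an added example (not the code of modsec_parser.py): walk the tree, skip files that are not yet valid JSON, and build an Elasticsearch `_bulk` body. The index name `modsecurity`, the `@timestamp` field, the function names and the sample files are assumptions made for the illustration.

```python
import json
import os
import re
import tempfile
from datetime import datetime

# File names follow the example output above: <YYYYMMDD>-<HHMMSS>-<unique id>
NAME_RE = re.compile(r"^(\d{8})-(\d{6})-(.+)$")

def collect_bulk(audit_dir, index="modsecurity", seen=None):
    """Return (bulk NDJSON body, skipped paths); index name is an assumption."""
    seen = set() if seen is None else seen
    lines, skipped = [], []
    for root, _dirs, files in os.walk(audit_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            m = NAME_RE.match(name)
            if path in seen or not m:
                continue
            try:
                # File-name time is server local time, no zone information.
                ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
                with open(path, encoding="utf-8", errors="replace") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                skipped.append(path)  # half-written or non-JSON: retry next pass
                continue
            if not isinstance(doc, dict):
                skipped.append(path)
                continue
            doc["@timestamp"] = ts.isoformat()  # assumed field name
            # Unique id as _id makes re-sending the same file idempotent.
            lines.append(json.dumps({"index": {"_index": index, "_id": m.group(3)}}))
            lines.append(json.dumps(doc))
            seen.add(path)
    return ("\n".join(lines) + "\n" if lines else ""), skipped

def demo():
    """Run collect_bulk over a constructed tree: one valid file, one truncated."""
    with tempfile.TemporaryDirectory() as d:
        sub = os.path.join(d, "20171114", "20171114-1714")
        os.makedirs(sub)
        with open(os.path.join(sub, "20171114-171410-151067605036.512983"), "w") as fh:
            json.dump({"transaction": {"client_ip": "192.0.2.10"}}, fh)  # constructed
        with open(os.path.join(sub, "20171114-171411-151067605136.000001"), "w") as fh:
            fh.write('{"transaction": {')  # truncated on purpose
        body, skipped = collect_bulk(d)
        return body, [os.path.basename(p) for p in skipped]
```

Passing the same `seen` set on each polling pass keeps already shipped files out of the next bulk request, while skipped files are picked up again once ModSecurity has finished writing them.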

Contributors

Probably your Python skills are better than mine, so all contributions are appreciated :)