IIS ELSA Parser


James Taylor

Jul 16, 2015, 6:32:42 PM
to securit...@googlegroups.com
If anyone is interested, attached is a parser for IIS logs being sent via OSSEC.

Currently it parses logs using the default settings in IIS plus ALL fields selected. Goes into current URL class in ELSA.

Still has more testing but seems to work for me from IIS 7+.

elsa_iis.xml

Doug Burks

Jul 16, 2015, 7:59:59 PM
to securit...@googlegroups.com
Hi James,

Thanks for the parser!

I've created the following issue for this:

Issue 780: securityonion-elsa-extras: add parser for IIS logs
https://github.com/Security-Onion-Solutions/security-onion/issues/780

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

James Taylor

Jul 20, 2015, 12:24:19 PM
to securit...@googlegroups.com
Thanks Doug, I will finish testing and create a PR.