Graylog corporate server
28 views
Skip to first unread message
Marcus Rocha
Jul 26, 2017, 3:57:20 PM7/26/17
to Hogzilla Users
Hi,
I would like to start using our corporate graylog server. It seams that I can do this by updating "graylog_host" in pigtail.sh. However, is it possible to force Hogzilla to reload all of the previous data to the new server?
Best regards,
Marcus Rocha
I would like to start using our corporate graylog server. It seams that I can do this by updating "graylog_host" in pigtail.sh. However, is it possible to force Hogzilla to reload all of the previous data to the new server?
Best regards,
Marcus Rocha
Paulo Angelo
Jul 26, 2017, 5:01:56 PM7/26/17
to Marcus Rocha, Hogzilla Users
Hi Marcus,
Unfortunately no! Pigtail deletes the Hogzilla events in HBase to avoid (basically) redundancy.
[]'s
Paulo Angelo
Unfortunately no! Pigtail deletes the Hogzilla events in HBase to avoid (basically) redundancy.
[]'s
Paulo Angelo
--
You received this message because you are subscribed to the Google Groups "Hogzilla Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hogzilla+unsubscribe@googlegroups.com.
To post to this group, send email to hogz...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hogzilla/35d37d9b-fa3c-416c-83af-f8cc02523799%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Marcus Rocha
Jul 27, 2017, 10:07:16 AM7/27/17
to Hogzilla Users, mvr...@gmail.com, p...@pauloangelo.com
Hi Paulo!
Thus, i'll do the change asap ;-)
Still another doubt: does Hogzilla collects information in an internal cache before sending it do GrayLog? If so, is there a way to force it to send this information in advance?
()s... Marcus
Thus, i'll do the change asap ;-)
Still another doubt: does Hogzilla collects information in an internal cache before sending it do GrayLog? If so, is there a way to force it to send this information in advance?
()s... Marcus
Em quarta-feira, 26 de julho de 2017 18:01:56 UTC-3, Paulo Angelo escreveu:
Hi Marcus,
Unfortunately no! Pigtail deletes the Hogzilla events in HBase to avoid (basically) redundancy.
[]'s
Paulo Angelo
On Wed, Jul 26, 2017 at 4:57 PM, Marcus Rocha <mvr...@gmail.com> wrote:
Hi,
I would like to start using our corporate graylog server. It seams that I can do this by updating "graylog_host" in pigtail.sh. However, is it possible to force Hogzilla to reload all of the previous data to the new server?
Best regards,
Marcus Rocha
--
You received this message because you are subscribed to the Google Groups "Hogzilla Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hogzilla+u...@googlegroups.com.
Paulo Angelo
Jul 27, 2017, 8:41:26 PM7/27/17
to Marcus Rocha, Hogzilla Users, Paulo Angelo
Hi Marcus,
The Hogzilla IDS currently runs on intervals of 6h, when it generates the events and save them into HBase. PigTail runs on intervals of 10m, check for new events and send them to GrayLog (or Snorby).[]'s
To unsubscribe from this group and stop receiving emails from it, send an email to hogzilla+unsubscribe@googlegroups.com.
To post to this group, send email to hogz...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hogzilla/55967034-cf7a-421a-ae45-ef23b1f8747f%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages