No commit activity in last 3 years
No release in over 3 years
Filter plugin for Fluent to convert twistlock syslog message to hashmap for better SIEM data
 Dependencies

Development

>= 0.9.2
>= 3.0.8

Runtime

>= 0.10.58, < 2
 Project Readme

Fluentd Twistlock parser

Use this plugin to parse Twistlock syslog messages into a hashmap, which makes them easy to index in Elasticsearch. Twistlock audit events carry useful fields that can be fed into a SIEM.

Feature:

Parsing of the message string into a hashmap and signing it with a private key. This feature was developed so that data integrity can be verified at any given point in time. Various compliance regimes such as FedRAMP and PCI demand controls under which the integrity of logging data can be checked.

Prerequisite:

# generate the RSA private key the filter loads via key_path
openssl genrsa -out private.pem 1024
# export the matching public key, used to verify signatures later
openssl rsa -in private.pem -out public.pem -pubout -outform PEM

Usage:

<filter twistsyslog.*.*>
  @type twistlock_syslog
  key_path /fluentd/etc/private.pem
  key_name message
</filter>
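The two steps the README describes (split the syslog message into a hashmap, then sign the result so its integrity can be checked later) are shown below as an added Ruby example. It is not the plugin's own code: the page does not state the exact Twistlock field layout or the signature scheme, so the example assumes key="value" pairs in the message and RSA-SHA256 over a canonical JSON serialisation of the parsed fields, and it generates a 2048-bit key in memory instead of reading the `key_path` file. The sample message and the function names (`parse_twistlock_message`, `filter_record`, `verify_fields`) are constructed for illustration.

```ruby
require 'openssl'
require 'json'

# Constructed sample in the key="value" style used for audit events; the field
# names and values are illustrative, not captured Twistlock output.
SAMPLE_MESSAGE = 'time="2024-01-01T00:00:00Z" type="container_runtime" ' \
                 'severity="high" rule="Default - alert on suspicious runtime behavior" ' \
                 'msg="DNS query for a domain on the blocklist" host="node-1"'

# Parse a key="value" message into a Hash. Quoted values may contain spaces and
# a backslash escapes the next character; unquoted values run to whitespace.
# A key that appears twice keeps its last value.
def parse_twistlock_message(message)
  fields = {}
  message.scan(/(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))/) do |key, quoted, bare|
    fields[key] = quoted ? quoted.gsub(/\\(.)/, '\1') : bare
  end
  fields
end

# Canonical serialisation (sorted keys) so signer and verifier hash identical bytes.
def canonical_json(fields)
  JSON.generate(fields.sort.to_h)
end

# Sign the parsed fields with RSA-SHA256; return the signature as strict base64.
def sign_fields(fields, private_key)
  [private_key.sign(OpenSSL::Digest.new('SHA256'), canonical_json(fields))].pack('m0')
end

# Verify a signature produced by sign_fields; malformed input yields false, not an exception.
def verify_fields(fields, signature_b64, public_key)
  signature = signature_b64.unpack1('m0')
  public_key.verify(OpenSSL::Digest.new('SHA256'), signature, canonical_json(fields))
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

# Filter step: read the syslog text from record[key_name] (the README's key_name
# setting), attach the parsed hashmap and its signature, return the new record.
def filter_record(record, private_key, key_name: 'message')
  fields = parse_twistlock_message(record.fetch(key_name))
  record.merge('parsed' => fields, 'signature' => sign_fields(fields, private_key))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # in-memory key; the plugin would load key_path instead
  out = filter_record({ 'message' => SAMPLE_MESSAGE }, key)
  puts JSON.pretty_generate(out)
  puts "verify: #{verify_fields(out['parsed'], out['signature'], key.public_key)}"
end
```

Verification only needs `public.pem` and the parsed fields plus the stored signature, so a downstream SIEM can re-check any indexed event without access to the private key; any change to a parsed value after signing makes `verify_fields` return false.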