Format for saving sudo logs in elastic

We want to store all the sudo I/O log files in Elastic. We are defining the schema for it but are not sure how the data from TTYIN, TTYOUT, STDIN, STDOUT, STDERR can be stored for each session. We are thinking of making each of these files a column in the schema, with every row represented by a unique TSID (sudo session ID). How can the data from TTYIN, TTYOUT, STDIN, STDOUT, STDERR be parsed and stored in Elasticsearch? Any pointers on schema definition from the sudo I/O logging perspective would be of help! Thanks
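One way to do the parsing asked about above, as an added example that is not part of this thread: it walks a sudo I/O log session directory (the `log`, `timing`, `ttyin`, `ttyout`, `stdin`, `stdout`, `stderr` files that sudoreplay reads), replays the `timing` file to split each stream into time-stamped chunks, and emits one document per session keyed by the TSID. It assumes an uncompressed session in the legacy sudo 1.8 layout (sudo 1.9 writes `log.json` instead); the session contents below are constructed, not a real capture.

```python
import json
import os
import tempfile

# Event codes sudo records in the 'timing' file (see sudoreplay(8)); 5 is a window-size change
STREAMS = {0: "stdin", 1: "stdout", 2: "stderr", 3: "ttyin", 4: "ttyout"}

def parse_session(iolog_dir, tsid):
    """Build one Elasticsearch document (dict) for the sudo I/O log session in iolog_dir."""
    with open(os.path.join(iolog_dir, "log")) as f:
        header, cwd, command = f.read().splitlines()[:3]
    h = header.split(":")  # legacy 'log' header: timestamp:user[:runas_user:runas_group]:tty:lines:cols
    doc = {"tsid": tsid, "@timestamp": int(h[0]), "user": h[1], "runas": ":".join(h[2:-3]),
           "tty": h[-3], "lines": int(h[-2]), "cols": int(h[-1]), "cwd": cwd,
           "command": command, "events": []}
    raw, pos, elapsed = {}, {}, 0.0
    for name in STREAMS.values():
        path = os.path.join(iolog_dir, name)
        raw[name] = open(path, "rb").read() if os.path.exists(path) else b""
        pos[name] = 0
        doc[name] = raw[name].decode("utf-8", "replace")  # whole stream, for a 'text' field
    with open(os.path.join(iolog_dir, "timing")) as f:
        for line in f:
            fields = line.split()
            code, elapsed = int(fields[0]), elapsed + float(fields[1])
            if code in STREAMS:  # "<code> <delay> <bytes>": next chunk of that stream
                name, n = STREAMS[code], int(fields[2])
                chunk = raw[name][pos[name]:pos[name] + n]
                pos[name] += n
                doc["events"].append({"t": round(elapsed, 6), "stream": name,
                                      "data": chunk.decode("utf-8", "replace")})
            elif code == 5:  # "5 <delay> <rows> <cols>"
                doc["events"].append({"t": round(elapsed, 6), "stream": "winsize",
                                      "data": f"{fields[2]}x{fields[3]}"})
    return doc

def make_sample_session():
    """Write a constructed (not captured) sudo I/O log session to a temp dir and return its path."""
    d = tempfile.mkdtemp()
    files = {"log": "1700000000:alice:root:root:/dev/pts/0:24:80\n/home/alice\n/bin/ls -l\n",
             "timing": "3 0.010 3\n4 0.001 4\n4 0.050 9\n5 0.002 50 120\n",
             "ttyin": "ls\n", "ttyout": "ls\r\ntotal 0\r\n", "stdout": ""}  # stdin/stderr absent
    for name, body in files.items():
        with open(os.path.join(d, name), "w", newline="") as f:
            f.write(body)
    return d

if __name__ == "__main__":
    # Index the JSON with the TSID as _id; for _bulk, pair each document with its action line
    print(json.dumps(parse_session(make_sample_session(), "000001"), indent=2))
```

Mapping the per-stream fields as `text` and `tsid`, `user`, `tty` and `command` as `keyword` matches the layout described in the question, while the `events` array keeps the ordering and timing that a flat per-stream column loses.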

We are able to save all data in the log file as keyword and the rest of the data as a TEXT field.

Have you looked at using Logstash to parse the data?
