Logstash and IDMEF


(Saidiahd) #1

Hi folks,
Does Logstash support collecting, enriching and transporting data normalized in the IDMEF (Intrusion Detection Message Exchange Format) format?
IDMEF defines data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them. You can find all you need about IDMEF in http://ietf.org/rfc/rfc4765.txt or through this PDF http://ietf.org/rfc/rfc4765.txt.pdf.

cheers,


(Magnus Bäck) #2

There's nothing built-in for this but maybe it's possible to write a plugin for it. If you can give an example of what you want to do maybe those of us who don't know IDMEF could better assess Logstash's suitability.


(Mark Walkom) #3

I am sure you could write a codec for it hint hint :wink:
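
As an added illustration for this thread (not code from any poster or from Logstash): a stand-alone Ruby example of the parsing step an IDMEF codec would need, turning an RFC 4765 XML alert into flat event hashes. The sample alert values are constructed, and the output field names and the helper names are hypothetical.

```ruby
require 'rexml/document'
require 'time'

NS = { 'idmef' => 'http://iana.org/idmef' }.freeze

# Constructed sample alert; element and attribute names follow RFC 4765.
SAMPLE_IDMEF = <<~XML
  <idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
    <idmef:Alert messageid="abc123456789">
      <idmef:Analyzer analyzerid="sensor-01"/>
      <idmef:CreateTime ntpstamp="0xbc71f4f5.0xef449129">2000-03-09T10:01:25.93464Z</idmef:CreateTime>
      <idmef:Source><idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>192.0.2.200</idmef:address>
      </idmef:Address></idmef:Node></idmef:Source>
      <idmef:Target><idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>192.0.2.50</idmef:address>
      </idmef:Address></idmef:Node></idmef:Target>
      <idmef:Classification text="Ping-of-death detected"/>
    </idmef:Alert>
  </idmef:IDMEF-Message>
XML

# Collect every address listed under <Source> or <Target> of one alert.
def idmef_addresses(alert, side)
  path = "idmef:#{side}/idmef:Node/idmef:Address/idmef:address"
  REXML::XPath.match(alert, path, NS).map { |e| e.text.to_s.strip }
end

# Returns one flat hash per <Alert>. Output field names are hypothetical.
def idmef_to_events(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, '//idmef:Alert', NS).map do |alert|
    analyzer = REXML::XPath.first(alert, 'idmef:Analyzer', NS)
    created  = REXML::XPath.first(alert, 'idmef:CreateTime', NS)
    klass    = REXML::XPath.first(alert, 'idmef:Classification', NS)
    {
      'idmef_messageid' => alert.attributes['messageid'],
      'analyzer_id'     => analyzer && analyzer.attributes['analyzerid'],
      '@timestamp'      => created && Time.iso8601(created.text.to_s.strip).utc.iso8601(3),
      'classification'  => klass && klass.attributes['text'],
      'source_ip'       => idmef_addresses(alert, 'Source'),
      'target_ip'       => idmef_addresses(alert, 'Target')
    }
  end
rescue REXML::ParseException, ArgumentError
  [] # malformed XML or timestamp; a real codec would tag the event instead
end

puts idmef_to_events(SAMPLE_IDMEF).inspect if __FILE__ == $PROGRAM_NAME
```

Inside a Logstash codec, the body of `idmef_to_events` would sit in the plugin's decode method and each hash would become one event.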

