Searching a plugin for ELKstack like Splunk app for Stream

oraant · November 12, 2015, 10:14am

With Splunk app for Stream,when I login into mysql server from host1,the soft will capture the action and generate some message like this:

{"endtime":"2015-11-11T08:34:41.080784Z",
"timestamp":"2015-11-11T08:34:41.080784Z",
"count":1,
"src_ip":"192.168.18.132",
"src_port":46773,
"dest_ip":"192.168.18.131",
"dest_port":3306,
"login":"root",
"query":"",
"time_taken":26005,
"psrsvd_ss_time_taken":676260025}

And when i run a sql,it will capture the action and generate some message like this:

{"endtime":"2015-11-11T01:27:44.104973Z",
"timestamp":"2015-11-11T01:27:44.104973Z",
"count":1,
"src_ip":"192.168.18.132",
"src_port":37159,
"dest_ip":"192.168.18.131",
"dest_port":3306,
"login":"",
"query":"SELECT count(*) FROM `ecshop`.`ecs_category` WHERE is_show = 1 ",
"time_taken":629,
"psrsvd_ss_time_taken":395641}

And when I access Apache server,It can got the same thing like the source IP and port,the reply time,the url I'm looking,and so on.And it works for Oracle database,Email server,and so on.Here is the link with Supported procotol.

So,I'm searching plugins for logstash,or ELKstack,which can do things like that,or some software that can collect the information and input into logstash,or some workaround.

Christian_Dahlqvist · November 12, 2015, 9:11pm

Have you looked at PacketBeat?

oraant · November 13, 2015, 4:06am

Thanks bro,but seems like it doesn't support oracle.Is there any way else or some way to extend the PacketBeat?