Fluentd Twistlock parser

Use this plugin to Parse Twistlock syslog message into Hashmap. This Make it easy to index in elasticsearch. The Audit Event from twistlock consists of helpfull messages that can be used in SIEM.

Feature:

Parsing of message string into Hashmap and signing with private key. This feature is developed to so that data integrigty can be verified at any given point of time. Various compliances like FedRAMP, PCI etc demands for controls where logging data integrity can be checked.

Prerequisite:

openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -out public.pem -pubout -outform PEM

Usage:

<filter twistsyslog.*.*>
  @type twistlock_syslog
  key_path /fluentd/etc/private.pem
  key_name message
</filter>

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
lib/fluent/plugin		lib/fluent/plugin
test		test
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
fluent-plugin-twistlock-syslog.gemspec		fluent-plugin-twistlock-syslog.gemspec

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Fluentd Twistlock parser

Feature:

Prerequisite:

Usage:

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

License

nronix/fluentd-filter-twistlock-syslog

Folders and files

Latest commit

History

Repository files navigation

Fluentd Twistlock parser

Feature:

Prerequisite:

Usage:

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages