Rsyslog configuration
major edited this page Aug 20, 2019
You can use Darwin with Rsyslog through the mmdarwin plugin built into Rsyslog: it takes the fields you select from each log message, sends them as arguments to any Darwin filter over its Unix socket, and can write the filter's result back into the message.

Here is an example of a configuration file:
```
# Load the TCP input, the JSON parser and the Darwin module.
module(load="imtcp")
module(load="mmjsonparse")
module(load="mmdarwin")

# Accept logs over TCP on port 8042 and hand them to the Darwin ruleset.
input(type="imtcp" port="8042" Ruleset="darwinruleset")

ruleset(name="darwinruleset") {
    # Parse the whole message as JSON; cookie="" means no "@cee:" prefix is expected.
    action(type="mmjsonparse" cookie="")

    # Send fields to the reputation filter listening on the given Unix socket.
    # "!srcip" is the srcip property of the parsed JSON message; "ATTACK;TOR" is a literal string.
    # response="back" writes the filter's verdict into the message under the "reputation" key.
    # filtercode is the filter identifier (0x72657075 is ASCII "repu").
    action(type="mmdarwin"
           socketpath="/path/to/reputation_1.sock"
           fields=["!srcip", "ATTACK;TOR"]
           key="reputation"
           response="back"
           filtercode="0x72657075")

    call darwinoutput
}

# Write the enriched messages to a file.
ruleset(name="darwinoutput") {
    action(type="omfile" file="/path/to/darwin_output.log")
}
```