Yogger is a systemd service for scanning logstash logs with yara rules
Clone the repo and run the setup script.
git@github.com:IntegralDefense/yogger.git
cd yogger
./setup.shAdd an entry for saq_aggregator to your /etc/hosts file
127.0.0.1 saq_aggregator
# start yogger
sudo systemctl start yogger
# stop yogger
sudo systemctl stop yogger