tnich/honssh

ELK Output

Opened this issue · 6 comments

:)

Original issue reported on code.google.com by tnn...@googlemail.com on 14 Sep 2014 at 5:50

In case anyone's interested, I've written a Python application that takes 
HonSSH data files and puts them into an Elasticsearch database. It's at PyPI 
(https://pypi.python.org/pypi/pogo/) and can be installed on any Linux system 
with pip by executing (as root)
  pip install --pre pogo

(Depending on your version of pip, you may or may not need the --pre. Some 
versions of pip won't install Beta software without it.)

If you try it and/or modify it, I'd love to hear any comments you have. Email 
me at boing.to.elasticsearch@gmail.com

Tony

Original comment by crj...@gmail.com on 31 Jan 2015 at 10:04

Hi Tony,

Thanks a lot for coding this module.

Eventually I will make HonSSH output directly into Elasticsearch. I am really 
interested to see how you formatted the data etc.

Cheers!

Original comment by tnn...@googlemail.com on 2 Feb 2015 at 7:04

Thank you for mentioning it. Please do take a look and feel free to use any of 
it in your own code, or to suggest improvements.
The code's on GitHub: https://github.com/tonyrein/pogo. Pull requests more than 
welcome!

Tony

Original comment by boing.to...@gmail.com on 9 Feb 2015 at 7:34

I forgot to mention in my last message -- I just found a bug today in Pogo 
involving parsing of the username/password records. If the password contains a 
comma, the record won't be parsed properly.

I expect to fix that this week.

Original comment by boing.to...@gmail.com on 9 Feb 2015 at 7:36

Hey,

Sounds good, I'll take a look more closely when I get some spare time!

Haha, I ran into that issue with the spoof.log file, decided to change the 
delimiter to ' - ' instead. I might change the daily logs to that too at some 
point.

Original comment by tnn...@googlemail.com on 9 Feb 2015 at 7:40
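The comma-in-password parsing bug and the ' - ' delimiter workaround discussed in the two comments above, shown as an added example; this is not Pogo's or HonSSH's code. The field order timestamp,ip,username,password, the sample log lines and the function names are constructed assumptions, not taken from either project.

```python
# Constructed sample lines in an ASSUMED "timestamp,ip,username,password"
# layout; the real HonSSH field order is not taken from the project.
SAMPLE_LINES = [
    "20150209_190000,203.0.113.7,root,123456",
    "20150209_190005,203.0.113.7,admin,pa,ss,word",  # password holds commas
]

FIELDS = ("timestamp", "ip", "username", "password")


def parse_naive(line, delimiter=","):
    """Split on every delimiter: a password containing the delimiter yields
    too many fields and the record is rejected (the bug described above)."""
    parts = line.rstrip("\n").split(delimiter)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def parse_robust(line, delimiter=","):
    """Split on at most len(FIELDS)-1 delimiters so the trailing free-form
    field (the password) keeps any delimiter characters it contains.
    Caveat: this is only sound because the password is the LAST field and the
    earlier fields (timestamp, IP, username) are assumed delimiter-free; a
    username containing the delimiter would still mis-parse, and switching
    the delimiter to ' - ' alone does not remove that class of problem."""
    parts = line.rstrip("\n").split(delimiter, len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def load_records(lines, parser, delimiter=","):
    """Return (records, rejected_lines) so records a parser cannot map are
    counted and kept rather than silently missing from the search index."""
    records, rejected = [], []
    for line in lines:
        rec = parser(line, delimiter)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected


if __name__ == "__main__":
    for name, parser in (("naive", parse_naive), ("robust", parse_robust)):
        ok, bad = load_records(SAMPLE_LINES, parser)
        print(f"{name}: {len(ok)} parsed, {len(bad)} rejected")
```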

👍