Fluentd Logs
Connecting Fluentd logs to your Panther Console
Panther supports ingesting Fluentd logs via common Data Transport options: HTTP Source, Amazon Web Services (AWS) S3 and SQS.
To connect these logs into Panther:
- 1.In the lefthand navigation menu of the Panther Console, click Configure > Log Sources.
- 2.Click Create New.
- 3.Search for "Fluentd", then click its tile.
- 4.In the slide-out panel, select the Transport Mechanism you wish to use for this integration.
- 5.Click Start Setup.
- 6.Follow Panther's instructions for configuring your chosen Data Transport method:
- 7.Configure Fluentd to push logs to the Data Transport source.
- See Fluentd's documentation for instructions on pushing logs to your selected Data Transport source.
Fluentd syslog parser for the RFC3164 format (ie. BSD-syslog messages)
schema: Fluentd.Syslog3164
description: Fluentd syslog parser for the RFC3164 format (ie. BSD-syslog messages)
referenceURL: https://docs.fluentd.org/parser/syslog#rfc3164-log
fields:
- name: pri
description: Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher importance of the log message.
type: smallint
- name: host
required: true
description: Hostname identifies the machine that originally sent the syslog message.
type: string
indicators:
- hostname
- name: ident
required: true
description: Appname identifies the device or application that originated the syslog message.
type: string
- name: pid
description: ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.
type: bigint
- name: message
required: true
description: Message contains free-form text that provides information about the event.
type: string
- name: time
required: true
description: Timestamp of the syslog message in UTC.
type: timestamp
timeFormats:
- '%Y-%m-%d %H:%M:%S %z'
isEventTime: true
- name: tag
required: true
description: Tag of the syslog message
type: string
Fluentd syslog parser for the RFC5424 format (ie. BSD-syslog messages)
schema: Fluentd.Syslog5424
description: Fluentd syslog parser for the RFC5424 format (ie. BSD-syslog messages)
referenceURL: https://docs.fluentd.org/parser/syslog#rfc5424-log
fields:
- name: pri
description: Priority is calculated by (Facility * 8 + Severity). The lower this value, the higher importance of the log message.
type: smallint
- name: host
required: true
description: Hostname identifies the machine that originally sent the syslog message.
type: string
indicators:
- hostname
- name: ident
required: true
description: Appname identifies the device or application that originated the syslog message.
type: string
- name: pid
required: true
description: ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting.
type: bigint
- name: msgid
required: true
description: MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic.
type: string
- name: extradata
required: true
description: ExtraData contains syslog structured data as string
type: string
- name: message
required: true
description: Message contains free-form text that provides information about the event.
type: string
- name: time
required: true
description: Timestamp of the syslog message in UTC.
type: timestamp
timeFormats:
- '%Y-%m-%d %H:%M:%S %z'
isEventTime: true
- name: tag
required: true
description: Tag of the syslog message
type: string
Last modified 24d ago