Does anybody know how, or can offer some clues, as to how I could get the platform to call a python script to use an external API as a result of a syslog message. I know the syslog daemon passes the messages to Minemeld in JSON format, but what would be required to get minemeld to make an outbound call - ideally via script.
The use case is similar to the HTTP log forwarder on the firewall where you can use an external API on another product to trigger an action.
Alternate platform suggestions welcome.
End result - receive syslog event -> Minemeld does API call or fires Python script -> automated action on third party platform.
Late reply, but FYI
We send our logs to a Graylog logger then use the alerting functionality in there to trigger a HTTP call. It's a bit more complex, but we can use the aggregation functionality in Graylog for more complex scenarios, especially in conjunction with their lookup tables.
For example, to get round the IP limitation on EDLs in PA we keep a "buffer" on our imported lists and use MineMeld to send the 'overflow' IPs to Graylog. We then do lookups against traffic and when we see traffic to one of these lower priority IPs we trigger a HTTP alert to post them back to MineMeld with a higher confidence level, so they then flow through to the output node that is used by EDLs (and DAG pushers etc).
Potentially a bit overkill for you, but scales up very well.
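The overflow/escalation loop described in the answer above, written out as an added example (this is not code from the poster, MineMeld or Graylog). It assumes a constructed overflow buffer, a constructed Graylog-style alert payload (`event.fields.src_ip` / `dst_ip`), a placeholder MineMeld endpoint URL and a chosen escalated confidence of 90; all of those are assumptions, not documented interfaces.

```python
import ipaddress
import json
import urllib.request

# Constructed sample: the "overflow" indicators that did not fit in the EDL and
# were handed to Graylog at low confidence. Hypothetical values.
OVERFLOW_INDICATORS = {
    "203.0.113.10": {"confidence": 40, "share_level": "red"},
    "198.51.100.0/24": {"confidence": 35, "share_level": "red"},
}

# Placeholder for the MineMeld node that accepts posted indicators (assumption).
MINEMELD_POST_URL = "https://minemeld.example.invalid/indicators"
# Confidence used when re-posting an indicator that was actually seen in traffic (assumption).
ESCALATED_CONFIDENCE = 90

# Constructed Graylog-style alert: one matched traffic log line. The field layout
# is assumed for this example, not taken from Graylog's documentation.
SAMPLE_ALERT = json.dumps(
    {"event": {"fields": {"src_ip": "10.0.0.5", "dst_ip": "198.51.100.77"}}}
)


def match_overflow(dst_ip: str):
    """Return (indicator, metadata) when dst_ip falls inside a buffered overflow
    entry (single IP or CIDR), else None."""
    addr = ipaddress.ip_address(dst_ip)
    for indicator, meta in OVERFLOW_INDICATORS.items():
        if addr in ipaddress.ip_network(indicator, strict=False):
            return indicator, meta
    return None


def build_escalation(alert_json: str):
    """Turn an alert payload into the JSON body that re-posts the matched
    indicator at higher confidence. Returns None when the destination is not
    in the overflow buffer, so unrelated alerts never produce a POST."""
    alert = json.loads(alert_json)
    fields = alert["event"]["fields"]
    hit = match_overflow(fields["dst_ip"])
    if hit is None:
        return None
    indicator, meta = hit
    return {
        "indicator": indicator,
        "type": "IPv4",
        # never lower an existing confidence, only raise it
        "confidence": max(meta["confidence"], ESCALATED_CONFIDENCE),
        "share_level": meta["share_level"],
        "comment": f"seen in traffic src={fields['src_ip']} dst={fields['dst_ip']}",
    }


def post_escalation(body: dict, url: str = MINEMELD_POST_URL, timeout: int = 5) -> int:
    """Send the escalation as a JSON POST and return the HTTP status code.
    This is the only part that touches the network."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    body = build_escalation(SAMPLE_ALERT)
    print(json.dumps(body, indent=2))
    # post_escalation(body)  # uncomment once MINEMELD_POST_URL points at a real node
```

The split between `build_escalation` and `post_escalation` is deliberate: the matching and confidence logic can be tested offline, and the webhook handler that Graylog calls only has to wrap the two functions.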