maus-

input {
  syslog = {
    type => syslog
    port => 514
  }
}
filter {
  grok {
   type => "auditd"
   pattern => [" AUDIT type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_coun

inliniac

{
  "network": {
    "servers": [ "x.x.x.x:5043" ],
    "ssl certificate": "./lumberjack.pub",
    "ssl key": "./lumberjack.key",
    "ssl ca": "./lumberjack.pub"
  },
  "files": [
    {
      "paths": [ "/var/log/suricata/eve.json" ],