Hello, thank you for this pack. I have gone through it, configured and built it using the default values, generated an ST2 key and added it. Below is the example:
+----------+--------------------------------------------------------------+
| Property | Value |
+----------+--------------------------------------------------------------+
| id | 5ee144fea84e178f8725b6c4 |
| pack | ghost2logger |
| values | { |
| | "ghost_ip": "0.0.0.0", |
| | "ghost_port": "12023", |
| | "password": "********", |
| | "sensor_listen_ip": "0.0.0.0", |
| | "sensor_listen_port": "12022", |
| | "st2_api_key": "<< generated keys >>", |
| | "st2url": "http://127.0.0.1:9101/v1/rules/?limit=10&pack |
| | =ghost2logger", |
| | "syslog_listen_port": "514", |
| | "username": "admin", |
| | "web_hook_auth_header_key": "Authorization", |
| | "web_hook_auth_header_val": "Basic YWRtaW46YWRtaW4=" |
| | } |
+----------+--------------------------------------------------------------+
SENSOR LIST
+------------------------------+--------------+------------------------------+---------+
| ref | pack | description | enabled |
+------------------------------+--------------+------------------------------+---------+
| linux.FileWatchSensor | linux | Sensor which monitors files | True |
| | | for new lines | |
| ghost2logger.Ghost2loggerLoo | ghost2logger | Sensor that carries out | True |
| pback | | loopback API activities | |
| ghost2logger.Ghost2loggerSen | ghost2logger | Sensor for Ghost2 Logger | True |
| sor | | | |
+------------------------------+--------------+------------------------------+---------+
Here is the rule:
| context | |
| criteria | { |
| | "trigger.host": { |
| | "pattern": "192.168.1.1", |
| | "type": "eq" |
| | }, |
| | "trigger.pattern": { |
| | "pattern": "SYS-5-CONFIG_STARTUP", |
| | "type": "eq" |
| | } |
| | } |
How do I check the logs, and how do I know if this rule is correct?