Yogger - Yara Scanner for Logstash Logs

Yogger is a systemd service for scanning logstash logs with yara rules

Installation

Clone the repo and run the setup script.

git@github.com:IntegralDefense/yogger.git
cd yogger
./setup.sh

Add an entry for saq_aggregator to your /etc/hosts file

127.0.0.1 saq_aggregator

# start yogger
sudo systemctl start yogger

# stop yogger
sudo systemctl stop yogger

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
config		config
lib		lib
setup		setup
whitelists		whitelists
README.md		README.md
setup.sh		setup.sh
yogger.py		yogger.py