I need to parse the XML file from Netsparker vulnerability scanner output. There are many ways and I'm confused about how to do it. ELK v6.5.2

Here is the XML file: https://www.netsparker.com/statics/faq/Threat%20Classification%20-%20Requirement%20Mappings.xml

I've also tried this code:

input {
  file {
    path => "/home/test/xml.xml"
    start_position => "beginning"
    type => "xml"
    codec => multiline {
      pattern => "<ThreatsTable>"
      negate => "true"
      what => "previous"
      max_lines => "10000"
    }
  }
}

filter {
  xml {
    source => "message"
    target => "parsed"
  }
}

output {
  elasticsearch {
    codec => json
    hosts => ["localhost:9200"]
  }
}

I need every field in the XML file. As you can see, there is one "ThreatTable" and many other "ThreatsRow" elements, each with 12 lines of code (sorry for the bad language). So what I need is to have each ThreatsRow as a log, and every log with its fields like SEVERITY, SHORTNAME and ...

baudsp
Mozart4242

0 Answers
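One way to get one event per ThreatsRow, shown as an added example that is not part of the original post: the multiline codec breaks on the row tag instead of the table tag, so the xml filter parses each row on its own. It assumes the export is pretty-printed with every tag on its own line, as the question describes; the `sincedb_path` setting and the index name are illustrative choices.

```logstash
input {
  file {
    path => "/home/test/xml.xml"
    start_position => "beginning"
    sincedb_path => "/dev/null"       # assumption: re-read the file on every run while testing
    codec => multiline {
      # A line containing an opening <ThreatsRow tag starts a new event;
      # every other line is appended to the event that is already open.
      pattern => "<ThreatsRow"
      negate => true
      what => "previous"
      auto_flush_interval => 2        # flush the last row, which is never followed by another match
    }
  }
}

filter {
  # Lines before the first row (XML declaration, <ThreatsTable>) form an event
  # of their own that contains no row: discard it.
  if [message] !~ /<ThreatsRow/ {
    drop { }
  }

  # The last row event ends with the closing root tag; strip it so the
  # fragment handed to the xml filter is a single well-formed element.
  mutate {
    gsub => ["message", "</ThreatsTable>", ""]
  }

  xml {
    source => "message"
    target => "parsed"
    force_array => false              # [parsed][SEVERITY] becomes a string, not a one-element array
    remove_field => ["message"]       # only removed when parsing succeeds
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "netsparker-threats"     # hypothetical index name
  }
}
```

Events that still fail to parse are tagged `_xmlparsefailure` by the xml filter and keep their raw `message`, which makes malformed rows easy to find in Elasticsearch.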