We're working on analyzing semi-structured logs (such as syslog, Windows
events, etc.), and I'm trying to figure out if Bro/Zeek is the right tool
for the job.
Bro/Zeek has great support for parsing syslog messages into its parts,
but we want to take it one step further, applying some NLP to the message
part of the syslog entry, such as named entity extraction.
What's the best way to integrate something like this?
1. Forking the syslog script from bro/scripts/base/protocols/syslog,
and using Zeek's FFI to integrate some C/C++ code?
2. Use whatever NLP tools I prefer, and integrate the Broccoli client
to send events to Bro/Zeek?
Maybe there are other, better ways to do this. Any advice on this matter
would be appreciated!
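As an added example, not part of the original post and not code from the Zeek project: a third route the question does not list is to leave Zeek's syslog analyzer as-is and run the entity extraction over the `message` column of the syslog.log it already writes. The column layout below follows Zeek's base syslog analyzer output (tab-separated, a `#fields` header naming the columns); the two log rows and the regex-based extractor are constructed here for illustration and stand in for whatever NLP toolkit would be used in practice.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of Zeek's syslog.log. The field names are
# those of Zeek's Syslog::Info record; the rows themselves are invented.
# Zeek escapes tabs inside string fields as \x09, so splitting on a raw tab
# is safe.
SAMPLE_SYSLOG_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tfacility\tseverity\tmessage\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring\n"
    "1500000000.123\tCabc1\t10.0.0.5\t514\t10.0.0.1\t514\tudp\tAUTH\tINFO"
    "\tsshd[2231]: Accepted publickey for alice from 203.0.113.7 port 51234 ssh2\n"
    "1500000001.456\tCabc2\t10.0.0.6\t514\t10.0.0.1\t514\tudp\tAUTH\tWARNING"
    "\tsshd[2240]: Failed password for invalid user admin from 198.51.100.9 port 40012 ssh2\n"
    "#close\t2017-07-14-02-40-02\n"
)


def parse_zeek_log(text: str) -> List[Dict[str, str]]:
    """Parse a Zeek ASCII log into one dict per row, keyed by #fields names."""
    fields = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            # #separator, #types, #open, #close and similar metadata lines
            continue
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            raise ValueError(f"row does not match #fields header: {line!r}")
        rows.append(dict(zip(fields, values)))
    return rows


# Hypothetical, deliberately small "entity extractor": a handful of regexes
# that pull out the things an analyst usually wants from auth-style syslog.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"\bfor (?:invalid user )?([A-Za-z0-9_.-]+)\b")
PROC_RE = re.compile(r"^([A-Za-z0-9_.-]+)\[(\d+)\]:")
PORT_RE = re.compile(r"\bport (\d+)\b")


def extract_entities(message: str) -> Dict[str, object]:
    """Return the entities found in one syslog message body."""
    entities: Dict[str, object] = {
        "ip": IPV4_RE.findall(message),
        "user": USER_RE.findall(message),
        "port": PORT_RE.findall(message),
    }
    proc = PROC_RE.match(message)
    if proc:
        entities["program"] = proc.group(1)
        entities["pid"] = proc.group(2)
    return entities


def extract_entities_from_log(text: str) -> List[Dict[str, object]]:
    """Parse a syslog.log and attach an 'entities' dict to every row."""
    records: List[Dict[str, object]] = list(parse_zeek_log(text))
    for rec in records:
        rec["entities"] = extract_entities(str(rec["message"]))
    return records


if __name__ == "__main__":
    for rec in extract_entities_from_log(SAMPLE_SYSLOG_LOG):
        print(rec["ts"], rec["severity"], rec["entities"])
```

The same loop works unchanged against a live `syslog.log` written by Zeek, and the regex extractor is the part a real NLP model would replace; keeping the extraction outside Zeek means the analyzer and its scripts need no forking, and results can be written to a separate log or fed back into Zeek through Broccoli if correlation inside Zeek is wanted.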