Ship syslog to SIEM
I have been exploring Graylog and its use cases for detecting events on my network. Today I was wondering if SS has a syslog equivalent exposed on some port to which I could have Graylog listen and capture.
I see there is a log.txt in SS that allows me to see camera disconnects and errors. Would be fun to capture that, or a log like it, and build some alerts for certain events.
Comments
SecuritySpy does expose an event stream via its web interface. This is documented under the Miscellaneous section of the Web Server Specification document. I don't know whether this can be digested by Graylog, but perhaps this is something that would be useful for you for this project.
Hello, long time user , first time commenter.
I would like to elevate this to a feature request .
For many people, SecuritySpy is an important if not critical part of their infrastructure. As such it must be monitored. In 2025 unmonitored services are vulnerable and at risk.
I would like to request that Security Spy formally support sending events via the syslog protocol. It should support TCP and UDP sends. It should be able to control/sort event types. Following the syslog RFC would be a great start. https://datatracker.ietf.org/doc/html/rfc5424
I am sure I could bundle up some sort of script solution but support out of the box is lighter weight and lower risk. As an added bonus this gives users another way to do alerting that has a wealth of safe and known implementations.
Regards
Zip
I looked at the Web Server Specification . While useful it misses many of the events that i would really like to capture. For example SS errors. Or logins from the interfaces .
A fully implemented logging interface would be more secure and useful.
Thanks
Zip