LEEF logs to UEF

I’m looking to convert some anti-virus logs that are in LEEF format to UEF. Is there a way to do it for free? I looked at NXLog Platform Premium, but is there an alternative to NXLog? Free is good, but cheaper is good too.

@apratt this should be doable using the NXLog Community Edition; see a blog post from Rapid7 here on how to use it to transform logs to UEF for Ingress.

David

Thanks @david_smith1. But the Community Edition can’t import LEEF logs, at least according to their documentation. It requires the now end-of-life Enterprise Edition, or the Premium edition.

Interesting, I wasn’t aware of that limitation. What input module were you hoping to use for these? Or can you point to the documentation that references this limitation?

David

I was trying to use the xm_leef module, which NXLog says it doesn’t have. That led me to this page, Platform Plans with feature list, which under Data Processing and Parsing says you need the Premium plan for LEEF.
I’m new to NXLog, so if I’m wrong, I’d be very happy about that :)

Maybe a good samaritan will write a Python binary file parser that parses the LEEF format, exposes it in a struct, then you can write a module that exports the Python object to JSON/XML?
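The parser the last post asks for, as an added example that is not from this thread, from NXLog or from Rapid7: a small Python LEEF 1.0/2.0 parser that exposes each event as a dataclass and emits one JSON object per line. The sample log lines are constructed, the vendor/product names in them are made up, and the mapping from the resulting JSON onto UEF fields is not shown because the thread does not describe that format.

```python
import json
import re
from dataclasses import dataclass, field, asdict
# Header fields are split on unescaped '|' (a literal pipe inside a field is written '\|').
_PIPE = re.compile(r"(?<!\\)\|")
# LEEF 2.0 may give the attribute delimiter as a hex code such as "x09" or "0x09".
_HEX_DELIM = re.compile(r"^(?:0x|x)([0-9a-fA-F]{1,2})$")

@dataclass
class LeefEvent:
    leef_version: str
    vendor: str
    product: str
    product_version: str
    event_id: str
    attributes: dict = field(default_factory=dict)

def _decode_delim(raw: str) -> str:
    if raw == "":
        return "\t"  # LEEF 2.0 default when the delimiter field is left empty
    m = _HEX_DELIM.match(raw)
    return chr(int(m.group(1), 16)) if m else raw

def parse_leef(line: str):
    """Parse one log line into a LeefEvent; returns None if it carries no LEEF payload."""
    start = line.find("LEEF:")  # tolerate a syslog prefix before the header
    if start < 0:
        return None
    body = line[start + 5:].rstrip("\r\n")
    n_fields = 6 if body.startswith("2") else 5  # LEEF 2.0 adds a delimiter field
    parts = _PIPE.split(body, maxsplit=n_fields)
    if len(parts) < n_fields + 1:
        return None  # truncated header, nothing usable
    header = [p.replace("\\|", "|") for p in parts[:n_fields]]
    delim = _decode_delim(header[5]) if n_fields == 6 else "\t"
    # Values may themselves contain '=', so split each token on the first '=' only;
    # empty or malformed tokens (no '=') are skipped rather than aborting the event.
    attrs = dict(t.split("=", 1) for t in parts[n_fields].split(delim) if "=" in t)
    return LeefEvent(*header[:5], attributes=attrs)

def leef_to_json_lines(lines):
    # One JSON object per parseable line; lines without a LEEF header are dropped.
    return [json.dumps(asdict(ev), sort_keys=True) for ev in map(parse_leef, lines) if ev]

# Constructed sample input (not real product output): LEEF 1.0, LEEF 2.0, and a non-LEEF line.
SAMPLE_LINES = [
    "Jan 18 11:07:53 avhost LEEF:1.0|Acme|AntiVirus|3.2|MalwareDetected|src=10.1.2.3\tsev=8\tmsg=Detected Trojan\tuser=alice",
    "LEEF:2.0|Acme|AntiVirus|3.2|QuarantineFailed|^|src=10.1.2.3^cat=quarantine^msg=path=C:\\tmp\\x.exe",
    "Jan 18 11:07:54 avhost plain syslog line with no LEEF header",
]
```

Run `leef_to_json_lines(SAMPLE_LINES)` to get the two JSON records; the third line is dropped because it has no LEEF header.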