<div dir="ltr">C.L,<div><br></div><div>If Java is your only concern, you might still look at Filebeat; it's written in Go.</div><div><br></div><div>Adam</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 6, 2017 at 6:32 AM, Victor Julien <span dir="ltr"><<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 06-04-17 14:46, C. L. Martinez wrote:<br>
>  After finish to setup all my Suricata IDS sensors, I need to install/deploy an ELK to visualize info collected by these sensors. Regarding this, due to ELK will be installed in a different host, I need to send sensor's logs to ELK via:<br>
><br>
>  a/ Using NFS: I can configure Suricata hosts as NFS servers to share logs with ELK host (using a private network)<br>
><br>
>  b/ Send Suricata logs using syslog to ELK host.<br>
><br>
>  c/ I can't use filebeat or any java based solution due to these suricata sensors are FreeBSD based (and java doesn't play really well under FreeBSD).<br>
<br>
</span>You might be interested in this blog post that just came out. It shows<br>
how to use syslog-ng<br>
<a href="https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/" rel="noreferrer" target="_blank">https://www.balabit.com/blog/<wbr>collecting-and-parsing-<wbr>suricata-logs-using-syslog-ng/</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
------------------------------<wbr>---------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" rel="noreferrer" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" rel="noreferrer" target="_blank">http://www.inliniac.net/<wbr>victorjulien.asc</a><br>
------------------------------<wbr>---------------<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
</div></div></blockquote></div><br></div>