[Oisf-users] OT: A question about ELK and Suricata

Victor Julien lists at inliniac.net
Thu Apr 6 13:32:58 UTC 2017


On 06-04-17 14:46, C. L. Martinez wrote:
>  After finishing the setup of all my Suricata IDS sensors, I need to install/deploy an ELK stack to visualize the info collected by these sensors. Since ELK will be installed on a different host, I need to send the sensors' logs to ELK via:
> 
>  a/ Using NFS: I can configure the Suricata hosts as NFS servers to share logs with the ELK host (using a private network).
> 
>  b/ Sending Suricata logs using syslog to the ELK host.
> 
>  c/ I can't use filebeat or any Java-based solution, since these Suricata sensors are FreeBSD-based (and Java doesn't play really well under FreeBSD).

You might be interested in this blog post that just came out. It shows
how to use syslog-ng:
https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
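For option b/ (syslog rather than NFS), the sensor-side syslog-ng configuration below is an added example, not taken from the thread or from the linked blog post. It tails Suricata's EVE JSON log and forwards each line unchanged to the ELK host over TLS with mutual certificate verification, so the log stream is neither readable nor forgeable on the private network. The ELK hostname, the port, the syslog-ng version line and the FreeBSD paths under /usr/local/etc/syslog-ng/ are assumptions; adjust them to the actual deployment.

```conf
@version: 3.9
@include "scl.conf"

# Sensor side (FreeBSD). Tail Suricata's EVE JSON output line by line.
# flags(no-parse) keeps each JSON line as the raw message ($MSG) instead of
# trying to interpret it as a syslog header, so the JSON reaches ELK intact.
source s_suricata_eve {
    file("/var/log/suricata/eve.json"
         follow-freq(1)
         flags(no-parse));
};

# Assumed hostname and port of the ELK host on the private network.
# transport("tls") encrypts the stream; peer-verify(required-trusted) makes the
# sensor refuse any collector whose certificate is not signed by a CA in
# ca-dir(), and key-file()/cert-file() let the collector authenticate the
# sensor in turn (assumed paths, generated for this deployment).
destination d_elk {
    network("elk.internal.example" port(6514)
            transport("tls")
            tls(ca-dir("/usr/local/etc/syslog-ng/ca.d")
                key-file("/usr/local/etc/syslog-ng/sensor.key")
                cert-file("/usr/local/etc/syslog-ng/sensor.crt")
                peer-verify(required-trusted))
            template("$MSG\n"));
};

# Wire the EVE source to the ELK destination.
log { source(s_suricata_eve); destination(d_elk); };
```

On the ELK side the receiver only needs to accept newline-delimited JSON on that port (a syslog-ng network() source with the matching TLS settings, or a Logstash tcp input with a JSON-lines codec) and the eve.json events arrive with their fields intact, with no Java or NFS export needed on the sensors.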