[Oisf-users] OT: A question about ELK and Suricata

Adam Witt accidentalassist at gmail.com
Thu Apr 6 13:44:16 UTC 2017


C.L,

If Java is your only concern, you might still look at Filebeat; it's
written in Go.

Adam

On Thu, Apr 6, 2017 at 6:32 AM, Victor Julien <lists at inliniac.net> wrote:

> On 06-04-17 14:46, C. L. Martinez wrote:
> >  After finishing the setup of all my Suricata IDS sensors, I need to
> > install/deploy ELK to visualize the info collected by these sensors.
> > Since ELK will be installed on a different host, I need to send the
> > sensors' logs to ELK via:
> >
> >  a/ Using NFS: I can configure the Suricata hosts as NFS servers to share
> > logs with the ELK host (using a private network)
> >
> >  b/ Sending Suricata logs using syslog to the ELK host.
> >
> >  c/ I can't use Filebeat or any Java-based solution because these
> > Suricata sensors are FreeBSD based (and Java doesn't play really well
> > under FreeBSD).
>
> You might be interested in this blog post that just came out. It shows
> how to use syslog-ng
> https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
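Option b/ in the question (shipping the sensor's EVE JSON to the ELK host over syslog) has one caveat a practitioner runs into quickly: EVE records can be several kilobytes (alerts with payload_printable, http, fileinfo and similar fields), and classic UDP/RFC 3164 syslog receivers commonly truncate at 1024 bytes, which leaves the ELK side with unparseable JSON. The example below, added here and not code from this thread, from Suricata, or from the syslog-ng post linked above, shows the transport done so that size does not matter: each EVE line is wrapped in an RFC 5424 message and sent over TCP with RFC 6587 octet-counting framing, and the collector side reassembles frames from a byte stream that may arrive in arbitrary chunks. The hostname "sensor1", the local5 facility, the loopback collector and the three sample EVE records are all made up for the demonstration; a real deployment would put this behind TLS (syslog-ng and rsyslog both support it) or use Filebeat, which as noted is Go, not Java.

```python
"""Ship Suricata EVE JSON records to a remote collector over TCP syslog.

Added example: RFC 5424 messages with RFC 6587 octet-counting framing, plus the
receiver-side parser. Hostnames, ports and the sample records are constructed.
"""
import json
import socket
import threading
from datetime import datetime

FACILITY_LOCAL5 = 21   # assumed local facility for the sensor feed
SEVERITY_INFO = 6

# Constructed sample EVE lines (not real sensor output). The third one carries a
# large payload_printable field so that it exceeds the 1024-byte limit at which
# many RFC 3164/UDP syslog receivers truncate.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2017-04-06T13:44:16.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.9","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":1000001,"signature":"TEST alert"}}',
    '{"timestamp":"2017-04-06T13:44:17.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.com"}}',
    json.dumps({"timestamp": "2017-04-06T13:44:18.000000+0000", "event_type": "alert",
                "src_ip": "10.0.0.7", "dest_ip": "10.0.0.9",
                "alert": {"signature_id": 1000002, "signature": "TEST big"},
                "payload_printable": "A" * 3000}),
]


def eve_to_syslog(eve_line, hostname="sensor1", app="suricata"):
    """Wrap one EVE JSON line in an RFC 5424 message and octet-count frame it.

    Returns the framed bytes, or None if the line is not valid JSON (a partially
    written line at the tail of eve.json is the usual cause; skip it rather than
    ship something the ELK side cannot parse).
    """
    eve_line = eve_line.strip()
    try:
        record = json.loads(eve_line)
    except json.JSONDecodeError:
        return None
    # EVE timestamps look like 2017-04-06T13:44:16.000000+0000; RFC 5424 wants the
    # offset as +00:00. Fall back to the nil value "-" if the field is missing or odd.
    try:
        ts = datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").isoformat()
    except (KeyError, ValueError):
        ts = "-"
    pri = FACILITY_LOCAL5 * 8 + SEVERITY_INFO
    msgid = record.get("event_type", "-")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    msg = f"<{pri}>1 {ts} {hostname} {app} - {msgid} - {eve_line}".encode()
    # RFC 6587 octet counting: "<length><space><message>". No newline delimiter is
    # involved, so the JSON survives intact whatever its size.
    return f"{len(msg)} ".encode() + msg


def parse_frames(buf):
    """Split a TCP byte buffer into complete syslog messages.

    Returns (records, remainder): records is a list of (hostname, msgid, eve_dict)
    for every complete frame, remainder is the unconsumed tail the caller appends
    the next recv() to. Partial frames are the normal case on a byte stream.
    """
    records = []
    while True:
        sep = buf.find(b" ")
        if sep < 0 or not buf[:sep].isdigit():
            break  # no complete length prefix yet (or garbage; a real collector would resync)
        length = int(buf[:sep])
        start = sep + 1
        if len(buf) < start + length:
            break  # message not fully received yet
        msg = buf[start:start + length].decode()
        buf = buf[start + length:]
        # maxsplit=7 keeps the JSON body (which contains spaces) in one piece; the
        # encoder above always sends "-" as structured data, so this split is safe.
        _pri_ver, _ts, hostname, _app, _procid, msgid, _sd, body = msg.split(" ", 7)
        records.append((hostname, msgid, json.loads(body)))
    return records, buf


def ship_over_tcp(lines, host, port):
    """Forward EVE lines to host:port over one TCP connection (plaintext demo)."""
    with socket.create_connection((host, port)) as s:
        for line in lines:
            frame = eve_to_syslog(line)
            if frame:
                s.sendall(frame)


def collect_once(listener):
    """Accept one sender and parse everything it sends (minimal demo collector)."""
    conn, _ = listener.accept()
    buf, records = b"", []
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            got, buf = parse_frames(buf + chunk)
            records.extend(got)
    return records


def loopback_demo(lines=SAMPLE_EVE_LINES):
    """Ship the samples to a collector on 127.0.0.1 and return what it decoded."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    result = []
    t = threading.Thread(target=lambda: result.extend(collect_once(listener)))
    t.start()
    ship_over_tcp(lines, *listener.getsockname())
    t.join()
    listener.close()
    return result


if __name__ == "__main__":
    for host, msgid, rec in loopback_demo():
        print(host, msgid, rec["src_ip"], "->", rec["dest_ip"],
              len(json.dumps(rec)), "bytes of JSON delivered intact")
```

The same framing is what syslog-ng and rsyslog use on their TCP transports, so a sensor that points Suricata's syslog EVE output at a local syslog-ng with a TCP (or TLS) destination gets this behaviour without any custom code; the point of the example is to make visible why UDP syslog is the wrong choice for EVE and what the receiver has to do with a stream.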