[Oisf-users] OT: A question about ELK and Suricata

jason taylor jtfas90 at gmail.com
Thu Apr 6 13:57:19 UTC 2017


Filebeat has worked quite well for us. If you can use it in your
environment, I would recommend it as well. 

Filebeat has a native JSON codec, and since Suricata can output
everything into JSON logs, it's trivial to get things shipped and
indexed. It also has the ability to do SSL, so everything being shipped
is encrypted to (in our case) the Logstash indexers.

JT

On Thu, 2017-04-06 at 06:44 -0700, Adam Witt wrote:
> C.L,
> 
> If Java is your only concern, you might still look at Filebeat; it's
> written in Go.
> 
> Adam
> 
> On Thu, Apr 6, 2017 at 6:32 AM, Victor Julien <lists at inliniac.net>
> wrote:
> > On 06-04-17 14:46, C. L. Martinez wrote:
> > > After finishing the setup of all my Suricata IDS sensors, I need to
> > > install/deploy an ELK to visualize the info collected by these sensors.
> > > Regarding this, since ELK will be installed on a different host, I
> > > need to send the sensors' logs to ELK via:
> > >
> > > a/ Using NFS: I can configure the Suricata hosts as NFS servers to
> > > share logs with the ELK host (using a private network)
> > >
> > > b/ Sending the Suricata logs to the ELK host using syslog.
> > >
> > > c/ I can't use Filebeat or any Java-based solution, because these
> > > Suricata sensors are FreeBSD-based (and Java doesn't play really
> > > well under FreeBSD).
> > 
> > You might be interested in this blog post that just came out. It
> > shows how to use syslog-ng:
> > https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/
> > 
> > --
> > ---------------------------------------------
> > Victor Julien
> > http://www.inliniac.net/
> > PGP: http://www.inliniac.net/victorjulien.asc
> > ---------------------------------------------
> > 
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > 
> 
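The shipping setup JT describes (Filebeat decoding Suricata's EVE JSON at the sensor and sending it over TLS to Logstash) could be configured roughly as follows. This is an added illustration, not configuration posted by anyone in the thread; the hostnames, certificate paths and the `sensor` field value are assumptions, and the Filebeat 5.x `prospectors` syntax is used because that is the release line current at the time of the thread.

```yaml
# filebeat.yml on a Suricata sensor (added example; hostnames, certificate
# paths and the "sensor" label are assumptions, not values from the thread)
filebeat.prospectors:
  - input_type: log
    paths:
      - /var/log/suricata/eve.json      # Suricata EVE JSON output
    # Decode each line as JSON in the shipper, so Logstash receives
    # structured events instead of a raw "message" string.
    json.keys_under_root: true          # event_type, src_ip, alert.* at top level
    json.overwrite_keys: true           # let Suricata's own timestamp/host fields win
    json.add_error_key: true            # malformed lines are kept and flagged, not dropped
    fields:
      sensor: sensor01                  # assumed label to tell sensors apart in Kibana
    fields_under_root: true

output.logstash:
  hosts: ["logstash01.example.internal:5044", "logstash02.example.internal:5044"]
  loadbalance: true
  # TLS to the indexers: pin the CA that issued the Logstash certificate and
  # present a client certificate so the indexer can authenticate this sensor.
  ssl.certificate_authorities: ["/usr/local/etc/filebeat/ca.crt"]
  ssl.certificate: "/usr/local/etc/filebeat/sensor01.crt"
  ssl.key: "/usr/local/etc/filebeat/sensor01.key"
  ssl.verification_mode: full
```

Decoding the JSON at the sensor means the Logstash pipeline needs no `json` filter, and `json.add_error_key` ensures a truncated or corrupt EVE line still reaches the index with an error field rather than disappearing silently, which matters when the logs are alert evidence. On the Logstash side the matching `beats` input would set `ssl => true` with its own `ssl_certificate` and `ssl_key`, and `ssl_verify_mode => "force_peer"` together with `ssl_certificate_authorities` so that only sensors holding a certificate from that CA can inject events.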
