Where are the logstash logs or conf.d located? #10161
-
Hi, I have looked through several Google searches. I keep getting locations where I look and it's not there. I am looking for logstash.yml, conf.d and any other Logstash configs. I am trying to see why my sysmon data doesn't get to Kibana in the SOC.
/etc/logstash/conf.d (logsearch not found)
/opt/so/saltstack/local/pillar/
/opt/so/saltstack/local/salt/logstash (no logstash config file)
I see folders but nothing in them, especially conf.d. Thanks for any help or advice.
Replies: 2 comments 3 replies
-
Take a look here https://docs.securityonion.net/en/latest/directory.html? But those specific logs are at
-
@iqworks Per your screenshot above, if the When Security Onion 2 is running in Standalone mode or in a full distributed deployment, Logstash transports unparsed logs to Elasticsearch which then parses and stores those logs. It’s important to note that Logstash does NOT run when Security Onion is configured for Import or Eval mode. You can read more about that in the Architecture section.
My bad, I went here and see it now
I see this
I am going to rerun sosetup.