Local Linux host auditing #10516
Replies: 2 comments
For Security Onion 2.3, you can use Filebeat to collect logs from Linux hosts: For Security Onion 2.4, you can use Elastic Agent:
If you're looking to monitor specific log files, Filebeat (2.3) or Elastic Agent (2.4) would be the way to go. If you want to monitor more granular endpoint activity, you might want to look into generating logs with auditd or Sysmon4Linux and then forwarding those logs into SO.
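Added example, not part of the thread or of Security Onion's own code: the auditd route mentioned in the reply above produces several records per event that share one event ID, and this Python snippet groups them into one summary per file change or login before forwarding. The watch rule, the key name `identity`, the `summarize` helper and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed watch rule that would yield event 501 below (key name is our choice):
#   -w /etc/passwd -p wa -k identity
# Constructed sample records in auditd's log format; not taken from a real host.
SAMPLE = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="identity"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/passwd" inode=1234 nametype=NORMAL
type=USER_LOGIN msg=audit(1700000050.202:502): pid=900 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=/dev/pts/0 res=success'
type=USER_LOGIN msg=audit(1700000060.303:503): pid=901 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=ssh res=failed'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r"(\w+)=(\"[^\"]*\"|\S+)")

def parse_fields(body):
    # USER_* records nest further key=value pairs inside msg='...'; flatten them.
    body = body.replace("msg='", "").rstrip("'")
    return {k: v.strip('"') for k, v in FIELD.findall(body)}

def summarize(log_text):
    """Group records by audit event ID and return one summary dict per event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, eid, body = m.groups()
        ev = events[int(eid)]
        ev.setdefault("time", float(ts))
        fields = parse_fields(body)
        if rtype == "SYSCALL" and fields.get("key") not in (None, "(null)"):
            # A keyed SYSCALL record means one of our watch rules fired.
            ev.update(kind="file_change", key=fields["key"],
                      auid=fields.get("auid"), exe=fields.get("exe"))
        elif rtype == "PATH":
            ev.setdefault("paths", []).append(fields.get("name"))
        elif rtype == "USER_LOGIN":
            # auid 4294967295 means "unset": no login session was established.
            ev.update(kind="login", auid=fields.get("auid"),
                      addr=fields.get("addr"), result=fields.get("res"))
    return [dict(id=eid, **ev) for eid, ev in sorted(events.items())]

if __name__ == "__main__":
    for event in summarize(SAMPLE):
        print(event)
```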
Hello,
I was wondering what everyone is using to monitor local Linux logging for hosts. I am looking for a solution like Winlogbeat to monitor certain changes on the host level of the machines monitored in the environment, such as file changes or login by user(s). I was curious if Filebeat would be best since Wazuh is going away in 2.4.