How do you ingest AWS WAF logs from S3? #11264
-
Hi there, I'm looking to ingest WAF logs that reside in an S3 bucket but I'm not quite sure how to add that config to Security Onion's Logstash docker implementation. Or would that need to be ingested in a different way that's not via Logstash? I looked for documentation on it but wasn't able to find anything. Thank you in advance!
-
Or should this not happen on the Logstash side but as a Filebeat on a different node?
-
Does elasticbeat run on a single node like Filebeat did in 2.3? I want to set up a POC of ingesting VPC Flow logs from S3. 2.3 allowed you to configure Filebeat to do this - https://docs.securityonion.net/en/latest/filebeat.html
https://docs.elastic.co/en/integrations/aws/waf