-
The sankey diagram is showing you that you do indeed have logs with an Depending on what kind of log it is and what you're hoping to do with it, you may want to look and see if there is an existing Elastic Integration for it or if it would be worth writing a custom Elasticsearch ingest parser in order to fully parse the log and set an appropriate |
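The "custom Elasticsearch ingest parser" the reply above points to, as an added example that is not the reply author's or Security Onion's own code: it parses a constructed RFC 3164 syslog line as a FreeBSD host would send it into ECS-style fields, and builds the equivalent ingest pipeline body. The `event.module`/`event.dataset` values and the `freebsd.syslog` dataset name are assumptions, since the field the reply names is cut off on this page.

```python
import re

# Constructed sample line (not from the page): auth facility, info severity -> PRI 38.
SAMPLE = "<38>Jun 12 10:15:01 fw01 sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 50022 ssh2"

# Python mirror of the grok pattern used in ingest_pipeline() below.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\w{3} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog(line: str, dataset: str = "freebsd.syslog") -> dict:
    """Return ECS-style fields for one syslog line, or {} if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {}
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    doc = {
        "host.name": m["host"],
        "process.name": m["prog"].strip(),
        "message": m["msg"],
        "log.syslog.priority": pri,
        "log.syslog.facility.code": pri // 8,
        "log.syslog.severity.code": pri % 8,
        "event.module": "freebsd",   # assumed value; pick what your dashboards expect
        "event.dataset": dataset,    # assumed value
    }
    if m["pid"]:
        doc["process.pid"] = int(m["pid"])
    return doc


def ingest_pipeline(dataset: str = "freebsd.syslog") -> dict:
    """Body for PUT _ingest/pipeline/<name>; same fields as parse_syslog()."""
    grok = (
        "^<%{POSINT:log.syslog.priority:int}>%{SYSLOGTIMESTAMP:_tmp.ts} "
        "%{SYSLOGHOST:host.name} %{DATA:process.name}"
        "(?:\\[%{POSINT:process.pid:int}\\])?: %{GREEDYDATA:message}"
    )
    return {
        "description": "Parse FreeBSD syslog and tag event.module/event.dataset (assumed names)",
        "processors": [
            {"grok": {"field": "message", "patterns": [grok]}},
            {"set": {"field": "event.module", "value": "freebsd"}},
            {"set": {"field": "event.dataset", "value": dataset}},
            {"remove": {"field": "_tmp", "ignore_missing": True}},
        ],
    }
```

Run the pipeline body through `POST _ingest/pipeline/_simulate` with a few real lines before attaching it to the index; a line that the grok pattern rejects will otherwise land unparsed, which is exactly the "missing" symptom in the dashboards.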
-
Version: 2.4.30
Installation Method: Security Onion ISO image
Description: installation
Installation Type: Eval
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 8
RAM: 32
Storage for /: 4tb
Storage for /nsm: 3tb
Network Traffic Collection: tap
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: Yes, there are salt failures (please provide detail below)
Logs: No, there are no additional clues
Detail:
Hello! I have a few devices that do not support Elastic Agent. I have configured them (the OSes sending syslog are FreeBSD machines) to send syslog data directly to Security Onion. I have confirmed that SO is receiving the data; however, it is showing as missing in the dashboards:
You'll have to excuse my ignorance with Elastic, but I cannot find a guide on how to set up/troubleshoot when logs are not being picked up by Elastic/Kibana. I just want to correct this to ensure I am getting visibility across all devices.
I did some searching and couldn't find a guide on how to fix issues like this. Can someone help or point me in the right direction?