Replies: 1 comment 1 reply
These are the currently supported integrations: https://docs.securityonion.net/en/2.4/elastic-fleet.html#integrations The devs have been adding them in batches; I can pass along a request for the journald integration to them.
Version: 2.4.50
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 8
RAM: 32 GB
Storage for /: 200 GB
Storage for /nsm: 1 TB
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: Less than 1 Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
Hey!
Did anyone set up collecting journald logs with Elastic Agent?
According to the Elastic docs there should be a "Custom journald logs" integration that is available in Kibana >= 8.8.0. SO 2.4.50 is showing 8.10.4.
But I can't find it in the SO Kibana Integrations, even with "Display beta integrations".
It's rather critical, because some distros like Debian 12 don't use syslog anymore by default.
Checked it in our standalone ELK 8.12.x: the integration is available there.
Thanks a lot!
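The practical gap behind the question is that a Debian 12 host without rsyslog writes nothing to /var/log/syslog, so anything the journal records (sshd logins, sudo, unit failures) only exists in journald's own binary store. The example below is added here and is not code from this thread, from Security Onion, or from Elastic's journald integration. It takes records in the shape `journalctl -o json` emits (the sample lines are constructed, not captured from a real host) and normalizes them into ECS-style documents: the journald field names (`__REALTIME_TIMESTAMP`, `PRIORITY`, `_HOSTNAME`, `_PID`, `_COMM`, `_SYSTEMD_UNIT`, `_TRANSPORT`, `MESSAGE`) are the standard ones from systemd.journal-fields, but the target field layout (`log.syslog.*`, `process.*`, `systemd.unit`, `journald.transport`, `event.dataset`) is my assumption of a reasonable ECS mapping, not the integration's exact schema. It also handles the edge case that trips up naive converters: journald emits a non-UTF-8 `MESSAGE` as an array of byte values instead of a string.

```python
import json
from datetime import datetime, timezone

# Constructed sample records in the one-object-per-line shape of `journalctl -o json`.
# These are made up for the example; they were not captured from any real system.
SAMPLE_JOURNAL_LINES = [
    '{"__REALTIME_TIMESTAMP":"1718000000123456","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd",'
    '"_PID":"1234","_COMM":"sshd","_HOSTNAME":"deb12-web01","_SYSTEMD_UNIT":"ssh.service",'
    '"_TRANSPORT":"syslog","MESSAGE":"Accepted publickey for ops from 203.0.113.5 port 51022 ssh2"}',
    # MESSAGE as a byte array: journald does this when the payload is not valid UTF-8 (0xFF here).
    '{"__REALTIME_TIMESTAMP":"1718000001000000","PRIORITY":"3","SYSLOG_IDENTIFIER":"sudo",'
    '"_PID":"1300","_COMM":"sudo","_HOSTNAME":"deb12-web01","_SYSTEMD_UNIT":"session-4.scope",'
    '"_TRANSPORT":"syslog","MESSAGE":[111,112,115,32,58,32,255,32,98,97,100]}',
]

# syslog severity names for journald PRIORITY 0..7 (RFC 5424 numbering).
PRIORITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}


def decode_message(value):
    """journald serializes non-UTF-8 fields as a list of byte values; recover them losslessly
    where possible and replace only the undecodable bytes so the event is never dropped."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return "" if value is None else str(value)


def journald_timestamp(usec_str):
    """__REALTIME_TIMESTAMP is microseconds since the epoch as a decimal string.
    Split seconds and microseconds to avoid float rounding at this magnitude."""
    usec = int(usec_str)
    ts = datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
    ts = ts.replace(microsecond=usec % 1_000_000)
    return ts.isoformat(timespec="microseconds").replace("+00:00", "Z")


def journald_to_ecs(line):
    """Convert one journalctl JSON record into an ECS-style document.
    Field layout is an assumed mapping for illustration, not Elastic's published schema."""
    rec = json.loads(line)
    prio = int(rec.get("PRIORITY", 6))
    doc = {
        "@timestamp": journald_timestamp(rec["__REALTIME_TIMESTAMP"]),
        "message": decode_message(rec.get("MESSAGE")),
        "event": {"kind": "event", "dataset": "journald"},  # assumed dataset name
        "host": {"hostname": rec.get("_HOSTNAME")},
        "log": {"syslog": {
            "priority": prio,
            "severity": {"code": prio, "name": PRIORITY_NAMES.get(prio, "unknown")},
        }},
        "process": {
            "name": rec.get("_COMM"),
            "pid": int(rec["_PID"]) if "_PID" in rec else None,
        },
        "systemd": {"unit": rec.get("_SYSTEMD_UNIT")},
        "journald": {"transport": rec.get("_TRANSPORT")},
    }
    if "SYSLOG_IDENTIFIER" in rec:
        doc["log"]["syslog"]["appname"] = rec["SYSLOG_IDENTIFIER"]
    return doc


def convert_all(lines):
    """Normalize a batch of journal lines; skips blank lines so it can be fed a raw export."""
    return [journald_to_ecs(line) for line in lines if line.strip()]


if __name__ == "__main__":
    for doc in convert_all(SAMPLE_JOURNAL_LINES):
        print(json.dumps(doc))
```

On a real host you would feed this with `journalctl -o json --since "-1h"` (or `journalctl -o json -f` for a live stream) and ship the output to Elasticsearch yourself; it is a stopgap for hosts that have no syslog file until the journald integration is available in the Security Onion Fleet server, not a replacement for it.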