Replies: 3 comments 2 replies
-
|
You could send them via syslog to the manager on port 514, you would just need to create the firewall entry for the host in the SO firewall. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer,will the log be parsed or we need to add a custom parser ? |
Beta Was this translation helpful? Give feedback.
-
|
If you send them as syslog, they will be parsed as syslog. If you want them parsed out I would suggest using the apache integration. |
Beta Was this translation helpful? Give feedback.
-
|
The Apache Integration use the log file as an input, is there any way to change this input to syslog, so we wont need to install the Elastic Agent? |
Beta Was this translation helpful? Give feedback.
-
|
https://docs.securityonion.net/en/2.4/syslog.html#syslog for sending via syslog. For a cusom log, if you send via syslog and port 514, you would need to modify the syslog pipeline and create a custom parser for the logs. You could also set up a custom Logstash pipeline for the logs and use a custom Elasticsearch ingest config to parse them. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.50
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4
RAM
16
Storage for /
200
Storage for /nsm
200
Network Traffic Collection
tap
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello
Is there any way to monitor and send apache log via syslog to a remote fleet server or to the securityonion Manager without using the ElasticAgent.
Thanks.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions