SolarWinds and Sec Onion #12850
Replies: 1 comment 3 replies
-
|
Looks like you would just be sending it in syslog format, you could allow the server on port 514 to send to your SO server. If you were to use the Elastic Agent, there are agent policies to parse Windows event logs. https://docs.securityonion.net/en/2.4/elastic-fleet.html#system-endpoints-system-integration |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. We're going to try the Solarwinds Log forwarding agent first since it's already installed. Does receiving these logs require it to be sent to the sensor or would the manager receive it fine? |
Beta Was this translation helpful? Give feedback.
-
|
I was able to start seeing the syslog data in SO and Kibana. However, all the data is only shown in the "message" field. Would I need to install filebeats on all the devices in order get the data more organized? In the meantime I'll see if the log forwarder agents can send another method besides syslog. |
Beta Was this translation helpful? Give feedback.
-
|
https://docs.securityonion.net/en/2.4/syslog.html The manager is fine and by choosing |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Currently using the distributed model using manager, search node and 2 sensors.
There is the SolarWinds Log Forwarder app on some windows machines that ships windows logs to SolarWinds currently and the option to add additional receiving servers.
Technically, if I were to add the manager node as an additional recipient, would Sec Onion receive the logs and translate it fine?
Beta Was this translation helpful? Give feedback.
All reactions