Receiver Node as collector #12920
-
Assuming that you're using the Elastic Agent integration to receive those netflow and syslog logs, you can send them to any machine running an Agent in your environment. It doesn't even have to be one of the Security Onion nodes; you could just spin up a fresh Linux VM, install the Elastic Agent from the Downloads section, and assign an Agent Policy with the appropriate integrations enabled.
-
Hi all
I am using a distributed deployment for Security Onion with Manager, Search, Forward, Receiver and IDH nodes.
I am actually sending netflow/sflow and syslogs to the Receiver node, because it seems to be the node with lower CPU usage (from grid tab).
Is this correct, or should I add another Forward node dedicated to netflow/syslog collection?
At the moment I have about 200 Elastic Agents on the Fleet server, but in the end there will be about 500.
Thanks
Giacomo