Elastic Agent Syslog Parsing on Central Log Server #14407
Replies: 1 comment
-
Security Onion 2.4.60 is exactly one year old today: we'd highly recommend updating to the latest version (2.4.130 as of right now) to get the latest security fixes, bug fixes, and Elastic Stack. It's entirely possible that you're running into some kind of bug that has already been fixed in more recent versions.
-
Good morning,
We are running a standalone ISO image (2.4.60), and everything is working fine. This was installed by my predecessor, and I am completely new to Security Onion; however, I have read all of the documentation multiple times.
The issue we are facing is with the Elastic Agent that is installed on our central syslog server. The agent itself is functioning fine with the System integration installed. When syslog comes into the Security Onion console or Kibana, we are unable to differentiate the hostnames/IPs that are forwarding syslog to the central collector where the agent is installed. The only hostname/IP we are seeing is that of the central syslog server itself. We have searched high and low for an answer to this. Is there some sort of configuration we need to change/add to correct this? I thought I read that the Elastic Agent should be able to differentiate which hosts/IPs are sending which syslog messages. This is how it is working on our central Windows Event Log server with the Windows integration. Hopefully it makes sense what our issue is.
Any help, guidance, explanation, anything would be greatly appreciated.
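The underlying reason the collector's own name shows up is worth seeing in code: when a relay writes received syslog to a local file and an agent tails that file, the transport metadata (the peer address, the local `host.name`) belongs to the collector, while the originating host survives only in the syslog header itself (the HOSTNAME field of RFC 3164 and RFC 5424). The following is an added illustration, not code from Security Onion, Elastic, or the poster: it parses a few constructed relayed lines, recovers the origin host from the header, and groups events by that host instead of by the collector. The collector name `logcollector` and all sample lines are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Constructed sample lines, shaped like what a central syslog server writes
# after receiving from other hosts. The last line has no syslog header at all.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 webserver01 sshd[1234]: Failed password for root from 203.0.113.5 port 52211 ssh2",
    "<165>1 2024-03-04T12:00:00.123Z fw-edge.example.net asa 4242 ID47 - %ASA-4-106023: Deny tcp src outside:198.51.100.7/443",
    "<13>Mar  4 12:00:01 10.0.0.7 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "garbage line with no syslog header",
]

# RFC 3164 (BSD syslog): <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|\[.*?\]) ?"
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogEvent:
    facility: int          # PRI >> 3
    severity: int          # PRI & 7
    origin_host: str       # HOSTNAME field from the header: the real sender
    program: Optional[str] # TAG (3164) or APP-NAME (5424)
    message: str
    collector: str         # the relay that wrote the line (hypothetical name)


def parse_line(line: str, collector: str) -> Optional[SyslogEvent]:
    """Return a SyslogEvent with the origin host taken from the header, or
    None when the line carries no recognisable syslog header."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    groups = m.groupdict()
    program = groups.get("app") or groups.get("tag")
    return SyslogEvent(
        facility=pri >> 3,
        severity=pri & 7,
        origin_host=m.group("host"),
        program=program,
        message=m.group("msg"),
        collector=collector,
    )


def events_by_origin(lines: List[str], collector: str) -> Dict[str, List[Union[SyslogEvent, str]]]:
    """Group lines by originating host. Lines that cannot be parsed are filed
    under the collector's own name, which is exactly what happens to every
    line when a receiver never looks inside the header."""
    grouped: Dict[str, List[Union[SyslogEvent, str]]] = {}
    for line in lines:
        event = parse_line(line, collector)
        key = event.origin_host if event else collector
        grouped.setdefault(key, []).append(event if event else line)
    return grouped


if __name__ == "__main__":
    for host, events in events_by_origin(SAMPLE_LINES, "logcollector").items():
        print(f"{host}: {len(events)} event(s)")
        for ev in events:
            label = ev.program if isinstance(ev, SyslogEvent) else "unparsed"
            print(f"  [{label}] {ev.message if isinstance(ev, SyslogEvent) else ev}")
```

The grouping step is the point: once the origin host is pulled out of the header, events from `webserver01`, `fw-edge.example.net` and `10.0.0.7` separate cleanly, and only the headerless line is attributed to the collector. Whatever receives relayed syslog has to perform this header parse (or receive the messages directly over the network with a syslog input rather than by tailing the relay's file) for the original sender to be visible downstream.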