How to ingest Logstash data via Sensor #14733
I would like a Sensor to ingest Logstash data on port 5044 coming from another system. I've investigated opening port 5044 on the Sensor using 'customhostgroup1' and 'customportgroup1' settings. Then on the Manager I created /opt/so/saltstack/local/salt/logstash/pipelines/config/custom/custom_beats.conf that contains

I then added custom/custom_beats.conf to Administration > Configuration > logstash > defined_pipelines > custom1

None of that had any effect though because Logstash isn't running on the Sensor. Is this even a possibility?
Replies: 1 comment
Sensor nodes do not run Logstash, https://docs.securityonion.net/en/2.4/architecture.html#distributed

You would probably want to send that data via Logstash to your manager node.