Logstash missing on manager Search node.

[shanuravi]

Version

2.4.60

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

airgap

Hardware Specs

Meets minimum requirements

CPU

16

RAM

200GB

Storage for /

100TB

Storage for /nsm

5 TB

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hello Team,

Om manager Logstash process process goes missing. How we can send 24 hour old logs to external SIEM. SO that it will not effect the Logstash process or there is any other way to keep Logstash process healthy.

Any script available or any other way with which we reduce memory and swap usage.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[shanuravi]

Hello Team,

Om manager Logstash process process goes missing. How we can send 24 hour old logs to external SIEM. SO that it will not effect the Logstash process or there is any other way to keep Logstash process healthy.

Any script available or any other way with which we reduce memory and swap usage on sensor.

[cm-ops]

Is there anything in the Logstash log to indicate an issue? /opt/so/log/logstash/logstash.log Have you looked at this https://docs.securityonion.net/en/2.4/logstash.html#forwarding-events-to-an-external-destination that will give you an example on how to send logs to an external destination.

How much memory does you sensor have? What is using the most memory?