observability and security firewall questions #1926
-
I am trying to get system logs from Linux syslog and Windows into Kibana but couldn't figure out the so-allow/so-firewall syntax to open the ports. I'm running 1 master server and we already have it digesting all network traffic, which works great. Also, what settings do I put in filebeat.yml to send to the Elasticsearch in Security Onion? Thanks,
Replies: 2 comments 2 replies
-
If you're sending via syslog protocol, run so-allow and choose the s option.

If you're sending via Elastic beats, run so-allow and choose the b option.

Configure filebeat to send to Logstash rather than Elasticsearch.

For more information, please see:
https://docs.securityonion.net/en/2.3/so-allow.html?highlight=so-allow
https://docs.securityonion.net/en/2.3/beats.html
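A worked filebeat.yml for the Linux host, showing the Elasticsearch output the question asked about beside the Logstash output the answer recommends. This is an added example, not configuration from the thread or from the Security Onion project; the manager address 10.0.0.5 and the Beats port 5044 (Security Onion's Logstash Beats input, assumed here; confirm against the beats.html page linked above) are assumptions, as are the log paths, which are Debian/Ubuntu names.

```yaml
# /etc/filebeat/filebeat.yml on the Linux host (added example, not from the thread).
# Assumptions: the Security Onion manager is 10.0.0.5 and its Logstash Beats
# input listens on TCP 5044; /var/log/syslog and /var/log/auth.log are the
# Debian/Ubuntu paths (RHEL-style hosts use /var/log/messages and /var/log/secure).

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/syslog
      - /var/log/auth.log
    fields:
      # a fixed tag makes the host easy to find in Kibana even if the
      # hostname field is not what you expect
      so_source: linux-syslog
    fields_under_root: true

# What the question was about to do: ship straight to Elasticsearch.
# This bypasses Logstash, which is where Security Onion wants beats data
# to arrive (see the answer above), so it is left disabled here.
#output.elasticsearch:
#  hosts: ["10.0.0.5:9200"]

# What the answer recommends: ship to Logstash on the manager. The client IP
# or VLAN CIDR must first be allowed with so-allow, option b, or the manager
# firewall drops the connection and the host never appears in Kibana.
output.logstash:
  hosts: ["10.0.0.5:5044"]
```

After editing, run `filebeat test config -e` and then `filebeat test output -e` on the Linux host. The second command opens a TCP connection to 10.0.0.5:5044 and reports whether it succeeded, which separates the two failure modes in this thread: a config error shows up in the first command, while a connection failure in the second means the manager firewall rule from so-allow does not cover this host's address, regardless of how the input is configured. When so-allow prompts for an address, entering the VLAN's CIDR covers every host on it at once.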
-
I got my Windows test host to work, but my Linux test host is not showing up in Hosts in Security Onion. Filebeat seems to be configured correctly on the Linux host, and I tried syslog as well. For both so-allow options I allowed the VLAN that both hosts are on.