Integrating logs from Network Devices into SO2 #2368
Can we detect an attack in Security Onion 2 using pcap files? How can we integrate logs from other networking devices such as firewall, antivirus, etc. into Security Onion 2?
Replies: 2 comments 1 reply
I would suggest skimming through the documentation: https://docs.securityonion.net/en/2.3/ You can import PCAP files and you can send external log sources.
As Mike mentioned, there is lots of good documentation at https://docs.securityonion.net/en/2.3/so-import-pcap.html. Specifically, here is the documentation on so-import-pcap: When you run so-import-pcap, it will give you a hyperlink so that you can analyze the resulting logs. You can see so-import-pcap in action in our YouTube video here: To collect firewall logs, please see the syslog page on our documentation site: