Elastic integrations (Sonicwall) and port nat to container #9574
Question:

Greetings,

I'm currently trying to integrate SonicWall logs being sent through syslog to be ingested in Security Onion 2. Using the Filebeat module produces many parsing errors; however, doing a bit of research, I find that there is already an Elastic integration with parsing for all categories of logs thrown by the SonicWall firewall: https://docs.elastic.co/integrations/sonicwall_firewall

Upon enabling said integration, I'm left wondering the following:
- How do I make the DNAT to the container persistent? How would I go about this with Salt configurations?
- Is there support for Elastic integrations in the first place? Can they be added through Salt as well?
- How do I integrate something like this with the rest of the stack instead of the logs being sent straight to Elasticsearch?

Replies: 1 comment

- Good morning! Elastic Integrations are actually a feature of the Elastic Agent, which is not supported in Security Onion 2.3. Have you tried using the Filebeat module for SonicWall instead?
  Docs for the Elastic Filebeat module: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-sonicwall.html
  Docs for using modules in Security Onion: https://docs.securityonion.net/en/2.3/filebeat.html#modules