Ingest network logs from Existing Elasticsearch to security onion's elastic #9775
- Reply: What version is your existing ES cluster?
- Original question:
Hi Guys,
Short version: network logs are sent to an existing ES. How do I ingest these into SecOnion's ES, parsed correctly, so Zeek or Suricata can read/analyse the fields properly?
I'm setting up the latest Security Onion 2.3.210 in Standalone Mode. We have network logs from firewalls and other devices being sent to an existing Elasticsearch instance. Is it possible to ingest/forward these logs from the existing ES to Security Onion's ES with proper parsing, as if the logs were sent directly from the devices?
Either through Filebeat or Logstash, or whatever the better approach might be.
Can someone please help, share ideas and point me in the right direction?
Sending from the existing ES would be much easier than configuring SecOnion's IP as an additional syslog target on all devices.
Many thanks in advance.
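One way to approach what the question describes, as an added example that is not part of the discussion and not Security Onion project code: a Logstash pipeline, run on a host outside Security Onion, that polls the existing cluster for recently indexed documents and replays each raw syslog line to the same syslog target the devices would otherwise use. Security Onion then parses the line with its own pipeline, exactly as for a device sending directly, instead of receiving already-parsed documents whose field names may not match. The hostnames, index pattern, credentials, certificate path, port and the name of the raw-line field (`message`) are all assumptions.

```logstash
# Added example (not from the discussion): replay raw syslog lines stored in an
# existing Elasticsearch cluster to Security Onion's syslog listener.
# Every hostname, port, index name, credential and path below is an assumption.

input {
  elasticsearch {
    hosts    => ["https://existing-es.internal:9200"]   # assumed source cluster
    index    => "firewall-syslog-*"                      # assumed source index pattern
    user     => "logstash_reader"                        # a read-only role is enough
    password => "${SOURCE_ES_PASSWORD}"                  # stored in the Logstash keystore
    ssl      => true
    ca_file  => "/etc/logstash/certs/source-es-ca.crt"  # assumed CA path
    # Poll once a minute for a two-minute window. The overlap means a slow poll
    # produces an occasional duplicate on the Security Onion side rather than a gap.
    schedule => "* * * * *"
    query    => '{ "query": { "range": { "@timestamp": { "gte": "now-2m" } } }, "sort": [ "@timestamp" ] }'
    size     => 1000
    docinfo  => true                     # carry _index/_id for tracing duplicates
    docinfo_target => "[@metadata][src]"
  }
}

filter {
  # Only documents that still hold the original syslog line can be replayed.
  # Fields the old cluster already parsed are discarded on purpose: Security
  # Onion should parse the raw line itself so its own field names apply.
  if ![message] {
    drop { }
  }
  prune { whitelist_names => ["^message$", "^@timestamp$"] }
}

output {
  # Security Onion's syslog input, the same target the devices would be given.
  tcp {
    host  => "securityonion.internal"   # assumed standalone/manager address
    port  => 514
    mode  => "client"
    codec => line { format => "%{message}" }
  }
}
```

Two checks before relying on this: confirm that the source documents actually retain the unparsed line (if the old cluster stored only parsed fields, replay is impossible and the fields would have to be mapped to the names Security Onion expects instead), and confirm which transport Security Onion's syslog listener accepts, switching to the `udp` output if TCP is not open. The two-minute window deliberately trades duplicates for completeness; if the source cluster is indexed with a stable id, the `[@metadata][src]` fields make those duplicates easy to spot when tuning the window.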