Syslog to SIEM #9918
Hello, I am running a standalone SO, version 2.3.220, 12 gig RAM, 2 TB storage. It is running in a home lab with 9 devices on the network. What I would like to do for a test is forward all data being ingested on the monitor port to a SIEM, via syslog, that I am testing for my day job. I want to keep my SO instance running in my lab after this test is done so I don't want to remove and replace. Is this possible and if so is there guidance on how to accomplish this?
Replies: 1 comment 1 reply
You could accomplish this by configuring logstash to output to syslog and point that to your SIEM. The documentation to do so can be found at https://www.elastic.co/guide/en/logstash/current/plugins-outputs-syslog.html.
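An added example of the Logstash output stanza the reply points to (not from this thread or from Security Onion itself): it forwards events to a syslog collector over TCP in RFC 5424 format, with the whole event encoded as JSON so nothing Elasticsearch receives is lost. The SIEM address and port, the `[event][module]` values, and the `[host][name]` field are assumptions; drop the file into the location your SO version documents for custom Logstash pipeline config.

```conf
# Added example, not Security Onion's own config.
# Assumes SO concatenates this file into its running Logstash pipeline,
# so the same events that reach Elasticsearch are also sent here.
output {
  # Assumption: SO tags network-sensor data with event.module values
  # "zeek" and "suricata"; remove the conditional to forward everything.
  if [event][module] in ["zeek", "suricata"] {
    syslog {
      host     => "10.0.0.50"         # placeholder SIEM collector address
      port     => 6514                # placeholder listener port
      protocol => "tcp"               # TCP avoids UDP's per-datagram size
                                      # limit, which truncates large JSON events
      rfc      => "rfc5424"
      facility => "local0"
      severity => "informational"
      appname  => "securityonion"
      sourcehost => "%{[host][name]}" # assumption: ECS host.name is populated;
                                      # the plugin default "%{host}" renders an
                                      # object as a hash string
      codec    => json                # whole event becomes the syslog payload
    }
  }
}
```

Switch `protocol` to `ssl-tcp` and set the plugin's `ssl_cert`/`ssl_key`/`ssl_cacert` options once the SIEM side is ready, since plain TCP syslog carries the full event content in clear text across your lab network.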