[Zeek] Zeek with ELK

Patrick Kelley patrick.kelley at criticalpathsecurity.com
Sun Jan 5 08:00:16 PST 2020


Logstash is the best option.

http://thegreyblog.blogspot.com/2014/01/installing-logstash-on-freebsd.html?m=1

Patrick Kelley, CISSP, C|EH, ITIL
CTO
patrick.kelley at criticalpathsecurity.com
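
A Logstash pipeline that does what the reply recommends, as an added example that is not from the thread or the linked blog post: it tails Zeek's JSON logs on the FreeBSD sensor and ships them to Elasticsearch. The Zeek log directory, Elasticsearch host, credentials and index name are placeholders, and Zeek is assumed to write JSON (`@load policy/tuning/json-logs` in local.zeek).

```logstash
# Added example (not from the thread): Zeek JSON logs -> Elasticsearch.
# Assumes Zeek writes JSON (`@load policy/tuning/json-logs` in local.zeek);
# paths, hosts, user and index prefix are placeholders.
input {
  file {
    path => "/usr/local/zeek/logs/current/*.log"     # assumed Zeek prefix
    codec => "json"                                   # one Zeek record per line
    start_position => "beginning"
    sincedb_path => "/var/db/logstash/zeek.sincedb"   # keep offsets across restarts
  }
}

filter {
  # Zeek's `ts` is epoch seconds with a fractional part; use it as the event
  # time so Kibana shows when the traffic happened, not when it was read.
  date {
    match  => ["ts", "UNIX"]
    target => "@timestamp"
  }

  # Derive the log type (conn, dns, http, ...) from the file name. Logstash 8
  # records the source under [log][file][path]; older releases use `path`.
  grok {
    match => { "[log][file][path]" => "/(?<zeek_log>[a-z0-9_]+)\.log$" }
    tag_on_failure => ["_zeek_log_unknown"]
  }

  # Zeek's dotted names ("id.orig_h") are literal keys in JSON; rename them
  # to nested ECS-style fields so mappings stay predictable across log types.
  mutate {
    rename => {
      "[id.orig_h]" => "[source][ip]"
      "[id.orig_p]" => "[source][port]"
      "[id.resp_h]" => "[destination][ip]"
      "[id.resp_p]" => "[destination][port]"
    }
  }
}

output {
  elasticsearch {
    hosts    => ["https://elastic.example.internal:9200"]  # placeholder host
    user     => "logstash_writer"                           # write-only role, not a superuser
    password => "${ES_WRITER_PASSWORD}"                     # resolved from the Logstash keystore
    index    => "zeek-%{[zeek_log]}-%{+YYYY.MM.dd}"         # one index per log type and day
  }
}
```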




> On Jan 5, 2020, at 10:35 AM, sec-x sec-x <center.mnt at gmail.com> wrote:
> 
> Hi,
> 
> I recently used zeek IDS on FreeBSD 12.1 - Default Policy (GetTraffic
> from TAP on the network) and I want to send all the logs to ELK in
> realtime.
> 
> I saw the Filebeat ports on BSD are old and have problems.
> 
> How can I send the logs from the BSD to the Elastic (what is the
> correct/best way)?
> 
> 
> Thanks,
> 
> CM.
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek