[Zeek] Zeek with ELK

duhang darkheaven1983 at gmail.com
Sun Jan 5 17:52:52 PST 2020


You can try the rsyslog imfile module to send logs to Logstash. The following
is my configuration.

# load the file-input module and follow the Zeek dns.log
$ModLoad imfile
$InputFileName /usr/local/bro/logs/current/dns.log
# syslog tag prepended to every line shipped from this file
$InputFileTag dns:
# state file that records the read offset so lines are not re-sent after a restart
$InputFileStateFile stat-dns
# severity/facility to stamp on the messages; match local2 in the forwarding rule
$InputFileSeverity info
$InputFileFacility local2
$InputRunFileMonitor

# disable rate limiting and raise the message size limit (default 8k)
# so long Zeek lines are neither dropped nor truncated
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
$MaxMessageSize 64k

sec-x sec-x <center.mnt at gmail.com> wrote on Sun, Jan 5, 2020 at 11:36 PM:

> Hi,
>
> I recently used zeek IDS on FreeBSD 12.1 - Default Policy (GetTraffic
> from TAP on the network) and I want to send all the logs to ELK in
> realtime.
>
> I saw Filebeat ports on BSD is old and has problems.
>
> How can I send the logs from the BSD to the Elastic (what is the
> correct/best way)?
>
>
> Thanks,
>
> CM.
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
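An added example, not part of the reply above and not Zeek or rsyslog code: a small Python converter that reads Zeek's tab-separated log format using the #separator/#fields/#types header the file opens with, coerces each cell to its declared type, and emits one JSON object per record, the shape Logstash ingests directly. It works on a whole log file (the header is only at the top, so lines shipped one at a time by imfile would need the field list supplied separately); the sample dns.log and its values are constructed.

```python
import json

SAMPLE_DNS_LOG = (  # constructed sample of a Zeek dns.log, not a real capture
    "#separator \\x09\n"
    "#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n#path\tdns\n"
    "#fields\tts\tuid\tid.orig_h\tid.resp_p\tproto\tquery\trcode_name\tanswers\n"
    "#types\ttime\tstring\taddr\tport\tenum\tstring\tstring\tvector[string]\n"
    "1578268372.123456\tCXyz1\t192.0.2.10\t53\tudp\texample.com\tNOERROR\t93.184.216.34,93.184.216.35\n"
    "1578268373.5\tCXyz2\t192.0.2.11\t53\tudp\t-\t-\t(empty)\n"
    "#close\t2020-01-05-17-53-00\n"
)

def _coerce(value, ztype, meta):
    # Convert one TSV cell according to its Zeek #types declaration.
    if value == meta["unset"]:
        return None
    if ztype.startswith(("vector[", "set[")):
        if value == meta["empty"]:
            return []
        inner = ztype[ztype.index("[") + 1:-1]
        return [_coerce(v, inner, meta) for v in value.split(meta["set_sep"])]
    if value == meta["empty"]:
        return ""
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    return value  # string, addr, enum, bool, subnet, ... stay text

def parse_zeek_log(text):
    # Yield one dict per data line; the header lines drive the field mapping.
    meta = {"sep": "\t", "set_sep": ",", "empty": "(empty)", "unset": "-"}
    fields, types = [], []
    for line in text.splitlines():
        if line.startswith("#separator "):  # written as an escape, e.g. \x09
            meta["sep"] = line[len("#separator "):].encode().decode("unicode_escape")
        elif line.startswith("#"):  # #path/#open/#close carry no record data
            key, _, rest = line[1:].partition(meta["sep"])
            if key == "set_separator": meta["set_sep"] = rest
            elif key == "empty_field": meta["empty"] = rest
            elif key == "unset_field": meta["unset"] = rest
            elif key == "fields": fields = rest.split(meta["sep"])
            elif key == "types": types = rest.split(meta["sep"])
        elif line:
            cells = line.split(meta["sep"])
            yield dict(zip(fields, (_coerce(c, t, meta) for c, t in zip(cells, types))))

def to_ndjson(text):
    # One JSON object per line, the shape Logstash's json_lines codec reads.
    return "\n".join(json.dumps(rec) for rec in parse_zeek_log(text))
```

Unset fields (`-`) become JSON null and empty vectors become `[]`, so Elasticsearch mappings see consistent types rather than the literal placeholder strings.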