[Zeek] Zeek with ELK
duhang
darkheaven1983 at gmail.com
Sun Jan 5 17:52:52 PST 2020
You can try the rsyslog imfile module to send logs to Logstash. The following
is my configuration.
# load the text-file input module
$ModLoad imfile
# Zeek writes the live log here; one imfile block per log type
$InputFileName /usr/local/bro/logs/current/dns.log
# syslog tag prepended to every forwarded line
$InputFileTag dns:
# state file (in the rsyslog work directory) remembers the read offset across restarts
$InputFileStateFile stat-dns
$InputFileSeverity info
$InputFileFacility local2
# start polling the file
$InputRunFileMonitor
# turn off rate limiting so bursts of log lines are not dropped
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
# raise the default message size so long Zeek lines are not truncated
$MaxMessageSize 64k
On Sun, Jan 5, 2020 at 11:36 PM, sec-x sec-x <center.mnt at gmail.com> wrote:
> Hi,
>
> I recently used Zeek IDS on FreeBSD 12.1 - Default Policy (getting traffic
> from a TAP on the network) and I want to send all the logs to ELK in
> real time.
>
> I saw the Filebeat port on BSD is old and has problems.
>
> How can i send the logs from the BSD to the Elastic (what is the
> correct/best way)?
>
>
> Thanks,
>
> CM.
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
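The imfile configuration above forwards the raw lines of dns.log, including the `#separator`, `#fields`, `#types` and `#close` header lines that every Zeek ASCII log file (and every rotation) carries, so whatever consumes them on the Logstash side must understand Zeek's TSV format. The following is an added example, written for this page and not taken from the thread, Zeek or rsyslog: a Python parser that turns such a line stream into JSON documents, driven by the `#fields`/`#types` header, with a constructed dns.log sample; it assumes the syslog framing and the `dns:` tag have already been stripped by the receiver.

```python
import json
# Constructed sample of a Zeek dns.log as rsyslog imfile reads it, line by
# line, header block included (a real dns.log carries more columns).
SAMPLE_DNS_LOG = """#separator \\x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	dns
#fields	ts	uid	id.orig_h	id.resp_p	query	answers	rejected
#types	time	string	addr	port	string	vector[string]	bool
1578268800.123456	Cxyz1	192.0.2.10	53	example.com	93.184.216.34,93.184.216.35	F
1578268801.000000	Cxyz2	192.0.2.11	53	-	(empty)	T
#close	2020-01-05-23-59-59
"""

# Scalar Zeek types that need a cast; string, addr, subnet, enum stay text.
CAST = {"count": int, "int": int, "port": int, "time": float,
        "interval": float, "double": float, "bool": lambda v: v == "T"}

def convert(value, ztype, hdr):
    if value == hdr["unset_field"]:
        return None
    if ztype.startswith(("vector[", "set[")):
        return [] if value == hdr["empty_field"] else value.split(hdr["set_separator"])
    if value == hdr["empty_field"]:
        return ""
    return CAST.get(ztype, str)(value)

def parse_zeek_tsv(text):
    """Zeek ASCII log text -> dicts; tolerates the #-header block every file/rotation starts with."""
    hdr = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-",
           "path": "", "fields": "", "types": ""}
    sep, records = "\t", []
    for line in text.splitlines():
        if line.startswith("#separator "):  # the one header keyed by a space
            sep = line[len("#separator "):].encode().decode("unicode_escape")
        elif line.startswith("#"):  # #fields, #types, #path, #open, #close, ...
            key, _, rest = line[1:].partition(sep)
            hdr[key] = rest
        elif line:
            fields, types = hdr["fields"].split(sep), hdr["types"].split(sep)
            values = line.split(sep)
            if not hdr["fields"] or len(values) != len(fields):
                raise ValueError(f"{len(values)} columns do not match #fields")
            records.append({"_path": hdr["path"], **{n: convert(v, t, hdr)
                            for n, v, t in zip(fields, values, types)}})
    return records

def zeek_tsv_to_json_lines(text):
    return [json.dumps(rec, sort_keys=True) for rec in parse_zeek_tsv(text)]
```

If imfile starts reading mid-file (for example after the state file is lost), the parser raises on the first data line because no `#fields` header has been seen, which is the condition to alert on rather than silently mis-mapping columns.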