I followed the tutorial (https://www.digitalocean.com/community/tutorials/how-to-build-a-siem-with-suricata-and-elastic-stack-on-ubuntu-20-04). Thank you by the way for this very complete tutorial.
However, I cannot find how to import log files into the SIEM coming from an external source (I have a Windows machine sending logs with nxlog, collected by rsyslog on the Ubuntu server).
I have tried configuring filebeat.yml (enabled filebeat.inputs and set the paths to /var/log/*/*.log), but this does not send any of the log files in this folder to the SIEM.
Could you please indicate to me what I am doing wrong? Is the import of log files done in Suricata instead?
I would very much appreciate any help, I am a bit lost on this topic.
PS: please excuse me if I chose the wrong topic.