Question

How to import syslog into Suricata and Elastic Stack SIEM

Hello,

I followed the tutorial (https://www.digitalocean.com/community/tutorials/how-to-build-a-siem-with-suricata-and-elastic-stack-on-ubuntu-20-04). Thank you by the way for this very complete tutorial.

However, I cannot find how to import log files into the SIEM coming from an external source (I have a Windows machine sending logs with nxlog, collected by rsyslog on the Ubuntu server).

I have tried configuring filebeat.yml (enabled the filebeat.inputs, and set the paths to /var/log/*/*.log) but this does not send any of the log files in this folder to the SIEM.

Could you please indicate to me what I am doing wrong? Is the import of log files done in Suricata instead?

I would very much appreciate any help, I am a bit lost on this topic.

Thank you,

PS: please excuse me if I chose the wrong topic.
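As an added example (not part of the question, the tutorial it links to, or the Filebeat project's own documentation), here is the input section of a Filebeat configuration that collects files rsyslog writes under /var/log. It assumes Filebeat 7.x or 8.x with the output already configured as in the tutorial; the forwarded-log directory and the `source` tag are assumptions. Note that the glob `/var/log/*/*.log` matches only files one directory below /var/log, so /var/log/syslog itself is never picked up by it.

```yaml
# Added example: only the filebeat.inputs section is shown; output.elasticsearch
# (or output.logstash) stays as configured by the tutorial.
filebeat.inputs:
  - type: filestream
    id: rsyslog-files            # filestream inputs need a unique id on Filebeat 8.x
    enabled: true                # inputs are ignored unless enabled is true
    paths:
      # /var/log/*/*.log matches e.g. /var/log/nginx/error.log but NOT
      # /var/log/syslog, so files written directly into /var/log are listed.
      - /var/log/syslog
      - /var/log/messages
      # Assumed directory where rsyslog stores the logs forwarded by nxlog.
      - /var/log/remote/*.log
    fields:
      source: rsyslog            # constructed tag, used to filter these events in Kibana
    fields_under_root: true
```

After editing, `filebeat test config -c /etc/filebeat/filebeat.yml` confirms the file parses and `filebeat test output` confirms the connection to Elasticsearch; Filebeat also needs read permission on each listed file.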
