log aggregation method


alireza MHZ

Nov 29, 2019, 3:17:47 AM
to SELKS
Hello,
Is there any agent for SELKS for getting logs?
Thanks

Alexander Nedelchev

Nov 29, 2019, 3:32:56 AM
to SELKS
Hi,

You mean like sending logs to an external ES or ...
On the left-hand side you click on the Logo -> System settings -> Use a custom Elasticsearch server.

Many more options like sending to Splunk or external syslog etc. ... are part of the enterprise solution https://www.stamus-networks.com/ .

Regards.

alireza MHZ

Nov 29, 2019, 4:07:31 AM
to SELKS
Hi Alexander,
No.
I want to receive logs on SELKS.
How can I send logs to it?
For example, from a Windows server on the internet I want to send its logs to SELKS for analysis.

Alexander Nedelchev

Nov 29, 2019, 4:11:47 AM
to SELKS
Hello,

You mean you want to send traffic for analysis?
You just need a switch that is port-mirroring capable.
Then you just direct that traffic to the iface of the machine where SELKS packet capture is set.

Alexander Nedelchev

Nov 29, 2019, 4:16:04 AM
to SELKS
I mean, you direct the mirrored traffic to the iface of the machine where SELKS packet capture is set.

alireza MHZ

Nov 29, 2019, 4:24:37 AM
to SELKS
Is this the only way?
Is there a way to capture traffic or logs for a client out of the network?

Alexander Nedelchev

Nov 29, 2019, 4:39:44 AM
to SELKS
I don't understand what you mean by "out of the network".
You could capture the traffic with a sniffer, for example "tcpdump", and save that traffic to a .pcap file.
After that you copy that file to SELKS and replay it to the packet capture iface with "tcpreplay".
But that method is not efficient and really, really time consuming.

Peter Manev

Dec 1, 2019, 4:17:19 AM
to Alexander Nedelchev, SELKS
Hi,

You could send any types of logs to SELKS to be stored/used by Elasticsearch.
For that you simply need to ship those to SELKS via filebeat from the destination and set up logstash and its config (in SELKS) appropriately (/etc/logstash/) to receive the logs (https://www.elastic.co/guide/en/logstash/6.8/input-plugins.html).

Hope it helps!
Thanks


--
IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
Wiki: https://github.com/StamusNetworks/SELKS/wiki
GitHub: https://github.com/StamusNetworks/SELKS
Blog: https://www.stamus-networks.com/theblog/
Twitter: @StamusN
g+: Stamus Networks
---


--
Regards,
Peter Manev
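As an added illustration of the Filebeat-to-Logstash setup Peter describes (example configuration written for this page, not taken from the thread or from the SELKS project), the script below writes a Logstash "beats" input for the SELKS side and a matching Filebeat config for the sending host. The SELKS hostname, certificate paths, log path and index name are placeholders; mutual TLS is enforced so that only enrolled shippers can write into the index.

```shell
#!/bin/sh
# Added example, not from the thread: Filebeat -> Logstash "beats" input on SELKS.
# All hostnames, certificate paths and log paths below are assumed placeholders.
set -eu

# Logstash pipeline for the SELKS host (install under /etc/logstash/conf.d/).
write_logstash_input() {   # $1 = directory to write into
  cat > "$1/10-beats-input.conf" <<'EOF'
input {
  beats {
    port => 5044
    # Require TLS and a client certificate: unauthenticated shippers are refused.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/selks.crt"
    ssl_key => "/etc/logstash/certs/selks.key"
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verify_mode => "force_peer"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "external-logs-%{+YYYY.MM.dd}"   # keeps shipped logs apart from Suricata data
  }
}
EOF
}

# Filebeat config for the remote sender (here a Windows server, as in the question).
write_filebeat_config() {  # $1 = directory, $2 = SELKS hostname or IP
  cat > "$1/filebeat.yml" <<EOF
filebeat.inputs:
  - type: log
    paths:
      - 'C:\logs\*.log'                    # assumed log location on the sender
output.logstash:
  hosts: ["$2:5044"]
  ssl.certificate_authorities: ['C:\filebeat\ca.crt']
  ssl.certificate: 'C:\filebeat\client.crt'  # client cert issued by the same CA
  ssl.key: 'C:\filebeat\client.key'
EOF
}

# Sanity check for the SELKS side: succeeds only if the input demands client certs.
pipeline_requires_client_cert() {   # $1 = path to the pipeline file
  grep -q 'ssl => true' "$1" && grep -q 'ssl_verify_mode => "force_peer"' "$1"
}
```

Run `write_logstash_input /etc/logstash/conf.d` on SELKS and `write_filebeat_config <dir> <selks-host>` on the sender, then restart Logstash and Filebeat.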