Hi everyone,
I am working on setting up a logging standard across the whole organisation, and the security team is pushing us to use Logstash for data aggregation and processing. I am not really a big fan of Logstash for many reasons: performance, complexity, you name it.
So my architecture will be something like this:
Log Forwarder ---> Log Buffer <--- Log Processing and Parsing ---> Search Engine ---> Visualization
Fluent Bit ---> Kafka <--- Fluentd ---> Elasticsearch ---> Kibana
As you can see, this is a "typical" EFK solution, where we use Kafka mostly as a log buffer. But I have some requirements from the security team: they want to do Security Information and Event Management (SIEM).
This is something the ELK stack comes with out of the box and offers as part of their stack (check the link below).
So I was wondering if there is an alternative SIEM some of you have implemented, or if Treasure Data also offers a similar off-the-shelf solution like Elastic.
So far I haven't found anything relevant that can help me support the case for Fluentd for that specific requirement, and everything is pushing toward using Logstash.
I hope some of you have gone through the same and know a reasonable solution for this specific requirement.
Much appreciated.
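As an added example (the editor's, not from the original post and not from the Fluentd or Treasure Data projects), here is a Fluentd configuration for the "Fluentd" box in the architecture above: it consumes the Kafka topic that Fluent Bit fills, parses sshd authentication lines into fields, tags each event with the outcome a SIEM rule would match on, and writes to Elasticsearch. The broker and Elasticsearch host names, the topic name `auth`, the consumer group, the index prefix, the buffer path and the credential handling are all assumptions; the `kafka_group` input comes from fluent-plugin-kafka and the `elasticsearch` output from fluent-plugin-elasticsearch, while `parser` and `record_transformer` ship with Fluentd itself.

```conf
# Added example (editor's, not from the original post): Fluentd consuming from
# Kafka, parsing sshd auth lines, enriching them, and indexing in Elasticsearch.
# Assumed: broker/host names, topic "auth", consumer group, index prefix, paths,
# and the ES_PASSWORD environment variable.

# 1. Consume the buffered topic. Fluent Bit on each host tails /var/log/auth.log
#    and produces JSON records {"message": "<raw syslog line>"} to this topic.
#    The record tag becomes the topic name ("auth"), which the filters below use.
<source>
  @type kafka_group
  brokers kafka1:9092,kafka2:9092
  consumer_group fluentd-siem        # separate offsets from any other consumer
  topics auth
  format json
</source>

# 2. Parse the raw sshd line into fields. Records that do not match the
#    expression are emitted to the @ERROR label (Fluentd default); add a
#    <label @ERROR> section if those lines must be kept rather than dropped.
<filter auth>
  @type parser
  key_name message
  reserve_data true                  # keep the raw message next to the fields
  <parse>
    @type regexp
    expression /^(?<syslog_time>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?<host>\S+) sshd\[(?<pid>\d+)\]: (?<status>Failed|Accepted) (?<method>\S+) for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+) port (?<src_port>\d+)/
  </parse>
</filter>

# 3. Normalise into the fields a detection rule would query on, so the search
#    layer does not have to know the sshd text format.
<filter auth>
  @type record_transformer
  enable_ruby true
  <record>
    event_category authentication
    event_outcome ${record["status"] == "Failed" ? "failure" : "success"}
    rule_id ${record["status"] == "Failed" ? "ssh_auth_failure" : "ssh_auth_success"}
  </record>
</filter>

# 4. Index in Elasticsearch over TLS with a least-privilege writer account.
#    The file buffer keeps events on disk if Elasticsearch is unavailable.
<match auth>
  @type elasticsearch
  host es.internal
  port 9200
  scheme https
  ssl_verify true                    # never disable this to "make it work"
  user fluentd_writer                # role limited to writing this index pattern
  password "#{ENV['ES_PASSWORD']}"   # assumed env var; keeps secrets out of the file
  logstash_format true
  logstash_prefix auth               # daily indices: auth-YYYY.MM.DD
  <buffer>
    @type file
    path /var/lib/fluentd/buffer/es
    flush_interval 5s
    retry_max_interval 30
    retry_forever true
  </buffer>
</match>
```

What this pipeline provides is per-event parsing and normalisation. Cross-event correlation (for example N failures from one source IP within M minutes) is not something these filters do, and a Logstash pipeline in the same position would leave it in the same place: the detection rules Elastic ships run as queries against the indexed data, not inside the ingest tool, so they work the same whether Fluentd or Logstash fed Elasticsearch, provided the field names match what the rules expect.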