S02 Logstash Parsing


Josh

Mar 26, 2021, 3:55:36 PM
to security-onion

As we work on migrating to SO2, we're currently trying to get logs and functions up and running ASAP, and then working on Elasticsearch pipeline ingestion.

We'd like, for the meantime, to use the Logstash confs we had in place.

Following:

1. I updated the minion for the heavy forwarder, adding:

    logstash:
      pipelines:
        search:
          config:
            - custom/custom_logstash_conf.jinja

2. Placed the conf in /opt/so/saltstack/local/salt/logstash/pipelines/config/custom/

3. Did an so-elastic-restart.

4. Not sure if it's of interest, but the "local" dir on the heavy forwarder is empty.

Logs are not being parsed. I don't think I'm missing anything additional from the docs. Thanks in advance!


Doug Burks

Mar 29, 2021, 6:13:55 AM
to securit...@googlegroups.com
If you have questions about the new Security Onion 2 platform, please use our new Github Discussions page instead of this Google Group:
https://securityonion.net/discuss

Thanks!

--
Please keep in mind that Security Onion 16.04 reaches End Of Life soon!
https://blog.securityonion.net/2020/10/6-month-eol-notice-for-security-onion.html


--
Doug Burks
Founder and CEO
Security Onion Solutions, LLC