Can Someone Help me Configure Suricata Filebeat on elastic cloud?

Here are the steps I followed to install Filebeat:

  1. "C:\Program Files\Filebeat"
  2. cd "C:\Program Files\Filebeat"
  3. Edited Elastic Cloud section filebeat.yml file to add cloud.id: and cloud.auth:
  4. filebeat.exe modules enable suricata
  5. I don't really know if anything else needs to be edited here.
  6. .\filebeat.exe -e test config
  7. There were logs that were being generated. So I guess it was working until there.
  8. .\filebeat.exe -c filebeat.yml -e -d "*"
  9. .\filebeat.exe setup
  10. Start-Service filebeat
  11. Checked if the service was running in Get-Service and it was running.
  12. When I check that data is received from the Filebeat Suricata module button I get "No Data Was Received".

Can someone tell me where I'm making a mistake?
Why can't I ingest data into Elastic Cloud?

Where is your Suricata eve.log file located at?

You might need to configure the module with this path. On Windows it's looking in c:/program files/suricata/log/eve.json by default. See the docs for details on configuring a path.
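The procedure in the question and the path hint in the reply, put together as an added example (this is not code from the original thread, from Elastic, or from the Suricata project). It assumes Filebeat is unpacked in `C:\Program Files\Filebeat` as in the question, that Suricata writes EVE JSON to the default Windows location named in the reply, and that the session is an elevated PowerShell prompt; `$EvePath` is an assumption and should match the `eve-log` filename in your `suricata.yaml`.

```powershell
# Added example, not part of the original thread.
# Assumptions: Filebeat in $FilebeatHome, Suricata EVE log at $EvePath,
# cloud.id / cloud.auth already set in filebeat.yml, elevated PowerShell.
$FilebeatHome = "C:\Program Files\Filebeat"
$EvePath      = "C:\Program Files\Suricata\log\eve.json"   # assumption: match 'eve-log' in suricata.yaml

Set-Location $FilebeatHome

# 1. The module can only ship what it can read: confirm the file exists and is growing.
if (-not (Test-Path $EvePath)) {
    Write-Warning "No EVE log at $EvePath - check the 'eve-log' output section of suricata.yaml"
} else {
    Get-Item $EvePath | Select-Object FullName, Length, LastWriteTime
}

# 2. Point the module at the file explicitly instead of relying on the default.
#    Filebeat accepts forward slashes on Windows, which also avoids YAML escaping.
$EveForYaml = $EvePath -replace '\\', '/'
$ModuleYaml = @"
- module: suricata
  eve:
    enabled: true
    var.paths: ["$EveForYaml"]
"@
# Write UTF-8 without a BOM so the YAML parser sees clean text.
[IO.File]::WriteAllText("$FilebeatHome\modules.d\suricata.yml", $ModuleYaml)

# 3. Confirm the module is enabled and the merged configuration parses.
.\filebeat.exe modules enable suricata
.\filebeat.exe modules list
.\filebeat.exe test config -e

# 4. Confirm Filebeat can reach the Elastic Cloud deployment from cloud.id / cloud.auth.
.\filebeat.exe test output -e

# 5. Load the index template, ILM policy and dashboards, then (re)start the service.
.\filebeat.exe setup -e
Restart-Service filebeat
Get-Service filebeat

# 6. Read the newest Filebeat log file: a "Harvester started" line naming eve.json
#    means the module found the file and events should start arriving.
Get-ChildItem "$FilebeatHome\logs" -File |
    Sort-Object LastWriteTime |
    Select-Object -Last 1 |
    Get-Content -Tail 50
```

Before starting the service, stop any foreground `filebeat.exe -e` instance left over from testing: Filebeat locks its data directory, so a second instance sharing that path will refuse to start rather than ingest. If `test output` fails, the problem is the Cloud credentials, not the Suricata path; if it passes but the log never shows a harvester for eve.json, the path in `var.paths` is wrong or the account running the service cannot read the Suricata log directory.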
