Configuring Beats to send logs to a SIEM and Logstash in parallel

s.essa · October 6, 2017, 6:46pm

Hi there,

The configuration guide obviously mentions log output to elasticsearch and logstash but I'm wondering if it is possible to send the logs directly to a SIEM, something outside of the Elastic stack. I know Beats is capable of multiple outputs and I'm trying to avoid going through Logstash. (think of it in the sense that I'm sending it to Logstash AND a SIEM in parallel).

In my case it is Logrhythm but I'm curious about any SIEM.

Can anyone help me out?

Thanks

warkolm · October 6, 2017, 9:05pm

You can only send to one of the outputs that are defined in the docs.
It might be easier for you to send things to Logstash and let it fork the outputs/

system · October 27, 2017, 6:46pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Using Elastic SIEM and ML with Beats and Logstash SIEM	13	1589	September 8, 2020
Sending logs to external SIEM via syslog using filebeat Beats filebeat	3	5156	August 10, 2020
Beats output to Logstash AND Elastic? Beats filebeat , packetbeat , auditbeat	7	443	September 14, 2021
Can we both enable outputs for Elasticsearch and Logstash? Beats filebeat	5	2207	April 20, 2018
Filebeat -> Logstash -> ElasticSearch with multiple outputs Elasticsearch	7	647	April 19, 2021

Configuring Beats to send logs to a SIEM and Logstash in parallel

Related topics