Configuring Beats to send logs to a SIEM and Logstash in parallel

s.essa · October 6, 2017, 6:46pm

Hi there,

The configuration guide obviously mentions log output to elasticsearch and logstash but I'm wondering if it is possible to send the logs directly to a SIEM, something outside of the Elastic stack. I know Beats is capable of multiple outputs and I'm trying to avoid going through Logstash. (think of it in the sense that I'm sending it to Logstash AND a SIEM in parallel).

In my case it is Logrhythm but I'm curious about any SIEM.

Can anyone help me out?

Thanks

warkolm · October 6, 2017, 9:05pm

You can only send to one of the outputs that are defined in the docs.
It might be easier for you to send things to Logstash and let it fork the outputs/

system · October 27, 2017, 6:46pm

This topic was automatically closed after 21 days. New replies are no longer allowed.