Difficulty in enabling Netflow in Filebeat

thebeaoliveira · October 29, 2019, 4:53pm

Hello!

I am starting to test SIEM (v7.4.1) and have come across a bit of trouble enabling Netflow in Filebeat.

I need to do a configuration in Linux (CentOS 7) and Windows Server environments.

I can get the Filebeat service up, but it doesn't send any logs to Elasticsearch.

I already tested the config and it returns OK.

I suppose that might be the way I'm addressing the logs, in this case the paths I'm using are these:

Windows:

- C:\Windows\System32\winevt\Logs\Security
- C:\Windows\System32\winevt\Logs\Application

Linux

- /var/log/*.log
- /var/log/messages

Can you tell me if you are right?

system · November 26, 2019, 4:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Siem on logstash and filebeat SIEM	2	635	September 27, 2019
Performanceissue with Filebeat and Netflow Input Beats beats-module , filebeat	7	1903	November 3, 2021
7.6.0 on Windows: Netflow and Syslog are not being captured by Filebeat Beats docker , beats-module , windows , filebeat	6	1483	March 25, 2020
Filebeat not send logs to elasticsearch directly Beats filebeat	5	401	August 28, 2020
Send Linux/Windows/NetworkDevices logs to Elastic SIEM SIEM	2	905	July 24, 2020