I have a syslog-ng server which gathers data from Cisco Router, switches, netflow data and firewall related data . The data is stored as flat files. Now, i am looking to send those to ELK SIEM . I see that i can use filebeat and but no idea how can i set it up to fetch from a particular location a…

Fetching Cisco , Firewall logs from syslog-ng server

Ajay_Singh2 (Ajay Singh) June 8, 2020, 1:18pm 12

@tudor i finally got it:

PUT _ingest/pipeline/testpipeline
{
  "description" : "describe pipeline",
  "processors" : [
    {
      "dissect" : {
        "pattern": "/opt/%{host.name}/",
        "field": "log.file.path"
      }
    }
  ]
}

Thanks

1 Like

Topic		Replies	Views
Send Linux/Windows/NetworkDevices logs to Elastic SIEM SIEM	2	987	July 24, 2020
Netflow and Syslog router data point to Logstash or to an intermediate Syslog-NG server? Logstash elastic-stack-security	4	1130	July 17, 2020
Need help with configuring cisco module in filebeat Beats beats-module , filebeat	4	2574	August 16, 2019
Filebeat Fortinet Module + Kibana SIEM Beats filebeat	11	1706	August 11, 2020
Firewall cisco ASA and beats Beats filebeat	6	858	August 5, 2020

Fetching Cisco , Firewall logs from syslog-ng server

Related topics