Filebeat 7.2 on pfsense

Hi,

I am new to ELK, and currently implementing a SIEM using the ELK stack alongside a pfsense firewall with suricata.
The ELK stack is set up, pfsense with suricata also. I can send and visualize the firewall logs on kibana (pretty easily), but not the suricata ones. I'd like to use filebeat to ship suricata's logs to logstash etc., but can't get hold of an up-to-date version of filebeat (7.2) for FreeBSD as elastic doesn't support this OS. However, I found an old filebeat pkg for FreeBSD: version 6.7.1.

Is it possible to run the latest version of the ELK stack (7.2) with filebeat 6.7.1, or should I downgrade my stack to the same version?

Or, is there a way to make a filebeat pkg for FreeBSD using a Linux one (deb or rpm)?

Or perhaps should I find another way to ship my suricata logs to ELK without using filebeat?

Thanks for your answers
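For the shipping step the poster describes (filebeat reading Suricata's EVE JSON output and forwarding it to Logstash), here is a minimal filebeat.yml as an added example; it is not from the thread or from the Elastic/pfSense projects. The eve.json path, the Logstash address and the CA certificate path are assumptions to adjust for your own setup.

```yaml
# Added example filebeat.yml: ship Suricata EVE JSON from a pfSense box to Logstash.
# Assumed: the pfSense Suricata package writes eve.json under a per-interface
# subdirectory of /var/log/suricata/, and Logstash has a beats input on 10.0.0.5:5044.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/suricata/*/eve.json
    # eve.json is one JSON object per line; decode it on the sensor so Logstash
    # receives structured fields (event_type, src_ip, alert.signature, ...) instead
    # of a raw string it would have to parse again.
    json.keys_under_root: true
    json.add_error_key: true
    tags: ["suricata"]

output.logstash:
  hosts: ["10.0.0.5:5044"]
  # Alert contents reveal what the IDS saw; ship them over TLS and verify the
  # Logstash certificate against a CA you control (path is an assumption).
  ssl.certificate_authorities: ["/usr/local/etc/filebeat/ca.crt"]
```

Filebeat 7.x also bundles a `suricata` module (`filebeat modules enable suricata`, then set the eve.json path in `modules.d/suricata.yml`) that maps EVE records onto ECS fields, which is the more convenient route once a 7.x build is available on the firewall; the plain log input above works with the 6.7.1 package as well.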

Welcome! The simplest thing to try would be to build filebeat 7.2 from source -- from what I have seen this is fairly straightforward. If this is an important use case for you, you might also want to chime in on this GitHub issue, as it might be that the obstacles to updating the standard package are fewer than they used to be.

Thank you! I will look into these links and try to build from source. I'll update on whether I was successful or failed and went on to another solution.