Hi,
I run the ELK service on ubuntu. I use Filebeat, Elasticsearch and Kibana.
I have a problem about dashboard. Filebeat Iptables dashboard displays a bit of data when I PING, but Ubiquiti Firewall logs does not show anything. How does it show warnings?
Help me please!!! Thanks!!
iptables.yml
# Set which input to use between syslog (default) or file.
var.input: "file"
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/var/log/kern.log"]
The Ubiquity dashboard is for iptables logs collected from Ubiquiti Networks firewall devices. These devices usually send logs to Filebeat over the network via syslog.
If you have one of those devices, you need to use:
var.input: syslog
var.syslog_host: 0.0.0.0
var.syslog_port: 9001 # change this if needed
And then point your device to send Syslog to the right address so that it can reach Filebeat.
Thanks @adrisr!!
Oh, only devices Ubiquiti Networks can display data in Ubiquiti Firewall logs.
I only use iptables as a firewall. Is there any way to display the blocked address on the kibana dashboard?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.