Hi there !
I'm currently collecting LDAP logs (RHDS) with filebeat.
As you know, there isn't any module for these type of logs. However, I would like to be able to create alert on Elastic security based on these logs.
This mean I need to parse this logs with ECS format.
What is the best way to do it ? Directly in Filebeat or through Elastic or Logstash ?
What the configuration should look like ?
Any idea would be welcome.
Cheers
Hi all,
Any help would be appreciated 
I don't know where to start and how to do it. I found some info there : GitHub - ltb-project/openldap-elk: ELK configuration to parse OpenLDAP logs
I tried it but it's not working. Moreover this is not parsed to the ECS format.
I send my logs directly to Elasticsearch, so I imagine that I need to write a grok function in an ingest node pipeline. Correct me if I'm wrong.
Cheers
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.