Hi there!
I'm currently collecting LDAP logs (RHDS) with Filebeat.
As you know, there isn't any module for this type of log. However, I would like to be able to create alerts in Elastic Security based on these logs.
This means I need to parse these logs into ECS format.
What is the best way to do it? Directly in Filebeat, or through Elastic or Logstash?
What should the configuration look like?
Any idea would be welcome.
Cheers