Hello All,
Is it possible to send the logs to a external SIEM server through syslog configuration using filebeat? If yes could you please give me a reference link because i am not able to find a output type as syslog in filebeat configuration.
Also is it possible to use a single filebeat installation to write the logs to elasticsearch as well as forward to external SIEM server using filebeat.
Thank You
Hello Team,
Any help will be appreciated!!
Thank you
Hi!
Filebeat's supported outputs are supposed to be mainly datastores, aggregators, message queues. You can fine the list at https://www.elastic.co/guide/en/beats/filebeat/current/configuring-output.html.
Maybe you can send logs to Logstash and then have Logstash sending to syslog: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-syslog.html
C.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.