Suricata-IDS and ELK

I have a Suricata-IDS server and I want to see the logs by ELK. I don't like to install the ELK package on my Suricata-IDS server. I want to know is "Beats" enough for my Suricata-IDS server? How can I harden "Betas"?

Thank you.


What do you mean by enough? I'm using it for my own Suricata-IDS and it works pretty good.

You could use SSL and Keystore so you don't have to save sensitive information in plain text.

As I said, I don't like to install any extra packages on Suricata-IDS server. Is "Beats" enough for sending logs to ELK on another server?

Sending logs to ELK on another server is what beats are made to do and they're doing it great! so yes they would be enough and you don't need to install any extra packages.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.