Suricata module with remote syslog input

kostiik · January 11, 2021, 11:16am

Hello,

I am unable to configure suricata.yml in filebeat/modules.d to receive suricata logs remotely from syslog instead a local log file.

This post: Using the Filebeat Suricata Module for EVE-Logs in Syslog messages mentions using override input setting, unfortunately I don't know exactly how to do that.

Any help would be appreciated.

David

system · February 8, 2021, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using the Filebeat Suricata Module for EVE-Logs in Syslog messages Beats beats-module , filebeat	1	936	October 7, 2020
Apply module config to redis input Beats filebeat	1	273	November 15, 2019
Filebeat suricata Beats beats-module , filebeat	10	892	June 28, 2022
No data has been received from this module yet message (Module Suricata) Beats docker , beats-module , filebeat	1	186	May 20, 2024
Filebeat pipping Suricatas eve.json issues Beats filebeat	2	1440	April 1, 2020