X-Pack is included in the free Basic version of Elasticsearch, and you should use it. Here are my notes on how I configured Elasticsearch, Logstash and Kibana to use X-Pack and SSL.
Tag: logstash
Send logs from Synology DSM to Logstash
It is easy to send and parse Synology DSM logs into Elasticsearch with Logstash.
Send audit logs to Logstash with Filebeat from CentOS/RHEL
Install Filebeat

Add repositories: https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html

Install:

    sudo yum install filebeat
    sudo systemctl enable filebeat

Configure Filebeat

    sudo cp -av /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.default
    sudo vim /etc/filebeat/filebeat.yml

    filebeat.inputs:

    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false

    output.logstash:
      hosts: ["LOGSTASHIP:5044"]

    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~

    logging.to_syslog: false
    logging.to_files: true
    logging.files:
      path: "/var/log/filebeat"
      name: "filebeat.log"
      keepfiles: 7

    sudo filebeat modules enable …
Suricata logs to Logstash with Filebeat on pfSense 2.4
I'm using EVE JSON output.

Enable EVE from Service - Suricata - Edit interface mapping

EVE Output Settings

    EVE JSON Log [x]
    EVE Output Type: File

Install Filebeat

FreeBSD package: https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/

Find beats-x.x.x.txz

    curl -o beats-x.x.x.txz https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/beats-x.x.x.txz
    pkg add beats-x.x.x.txz

Download modules

https://www.elastic.co/downloads/past-releases

Download the same version of Filebeat, LINUX 64-BIT:

    curl -o filebeat-x.x.x-linux-x86_64.tar.gz https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-x.x.x-linux-x86_64.tar.gz
    curl -o filebeat-x.x.x-linux-x86_64.tar.gz.sha512 …
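The download step above fetches the .sha512 file next to the Filebeat tarball, and actually checking it is what stops a tampered mirror or a truncated download from being unpacked onto the firewall. The script below is an added example, my own code rather than anything from the original post, that verifies a file against a checksum file in the format Elastic publishes (hex digest, two spaces, filename). It assumes the host has sha512sum (Linux), sha512 (FreeBSD, so pfSense) or shasum, and it also compares the filename recorded in the checksum file so a .sha512 from a different release cannot be used to "verify" the wrong archive. The sample files it creates are constructed in a temp directory so it runs offline; the x.x.x in the names is the same placeholder the post uses.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded Filebeat
# tarball against its .sha512 checksum file before installing it.
# Assumed tooling: sha512sum (Linux), sha512 (FreeBSD/pfSense) or shasum.

# Print the SHA-512 hex digest of a file, whichever tool the host provides.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    elif command -v sha512 >/dev/null 2>&1; then
        sha512 -q "$1"                 # FreeBSD: -q prints only the digest
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_sha512 FILE SHAFILE
# Returns 0 only if SHAFILE names FILE and its digest matches FILE's digest.
verify_sha512() {
    file=$1
    shafile=$2
    expected=$(awk 'NR==1 {print $1}' "$shafile")
    named=$(awk 'NR==1 {print $2}' "$shafile")
    actual=$(sha512_of "$file")
    # A SHA-512 digest is 64 bytes = 128 hex characters; anything else is
    # a malformed or HTML-error-page "checksum file".
    if [ -z "$expected" ] || [ ${#expected} -ne 128 ]; then
        echo "bad checksum file: $shafile" >&2
        return 1
    fi
    if [ "$named" != "$(basename "$file")" ]; then
        echo "checksum file is for '$named', not '$(basename "$file")'" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 MISMATCH for $file" >&2
        return 1
    fi
    echo "SHA-512 OK: $file"
    return 0
}

# Constructed sample data so the check can be exercised offline:
# a fake "tarball" with a matching checksum file, and a same-named copy
# with different contents standing in for a tampered download.
make_samples() {
    dir=$(mktemp -d)
    name=filebeat-x.x.x-linux-x86_64.tar.gz
    mkdir "$dir/good" "$dir/bad"
    printf 'constructed sample, not a real tarball\n' > "$dir/good/$name"
    printf 'constructed sample, modified in transit\n' > "$dir/bad/$name"
    printf '%s  %s\n' "$(sha512_of "$dir/good/$name")" "$name" > "$dir/$name.sha512"
    echo "$dir"
}

# Usage: sh verify.sh FILE FILE.sha512
if [ "$#" -eq 2 ]; then
    verify_sha512 "$1" "$2"
fi
```

On pfSense the same check applies to the beats-x.x.x.txz package: pkg add does not verify anything for a package you fetched by hand with curl, so compare it against a digest you obtained over a separate trusted path before installing.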