securityonion-elastic: Logstash should include all inputs #1269

dougburks · 2018-06-22T14:33:12Z

Currently, if you have a master server and storage nodes, then logstash on the master server only consumes from syslog. This prevents sending beats and other inputs.

We need to ensure that Logstash includes all inputs. In the meantime, folks should be able to add inputs manually like the following:

sudo ln -sf ../conf.d.available/0006_input_beats.conf /etc/logstash/conf.d.redis.output/0006_input_beats.conf
sudo so-logstash-restart

For more information, please see:
https://groups.google.com/d/topic/security-onion/dQuiY1bTvg8/discussion

The text was updated successfully, but these errors were encountered:

dougburks · 2018-08-17T18:42:35Z

commit:
Security-Onion-Solutions/securityonion-elastic@e8f62bf

dougburks · 2018-08-17T23:22:01Z

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/UimOraRDKnc/discussion

dougburks · 2018-08-27T13:36:11Z

Published:
https://blog.securityonion.net/2018/08/elastic-632-now-available-for-security.html

dougburks changed the title ~~Logstash should include all inputs~~ securityonion-elastic: Logstash should include all inputs Aug 16, 2018

dougburks closed this as completed Aug 27, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

securityonion-elastic: Logstash should include all inputs #1269

securityonion-elastic: Logstash should include all inputs #1269

dougburks commented Jun 22, 2018

dougburks commented Aug 17, 2018

dougburks commented Aug 17, 2018

dougburks commented Aug 27, 2018

securityonion-elastic: Logstash should include all inputs #1269

securityonion-elastic: Logstash should include all inputs #1269

Comments

dougburks commented Jun 22, 2018

dougburks commented Aug 17, 2018

dougburks commented Aug 17, 2018

dougburks commented Aug 27, 2018