<!doctype html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Shipping logs</title>
<meta name="generator" content="CherryTree">
<link rel="stylesheet" href="res/styles3.css" type="text/css" />
</head>
<body>
<div class='page'><h1 class='title'>Shipping logs</h1>
<ul>
<li>Logs in eve.json will be shipped to Humio.</li>
<li>Filebeat needs to be installed on the system.</li>
<li>Create a new ingest token for the Suricata logs with json-for-action as the parser.</li>
</ul>
<p>The Filebeat configuration needs to look something like this:</p>
<pre><code>filebeat.inputs:
  # Tail Suricata's EVE output line by line; each line is one JSON event
  - type: log
    paths:
      - "/var/log/suricata/eve.json"

output.elasticsearch:
  # Humio's Elasticsearch-compatible bulk ingest endpoint
  hosts: ["https://cloud.humio.com:443/api/v1/ingest/elastic-bulk"]
  # Humio only checks the password (the ingest token); the username is ignored
  username: "doesntmatter"
  password: "1b51c4a5-9787-4000-a830-a37f9c273dc0"
  compression_level: 5
  bulk_max_size: 200
  worker: 5
</code></pre>
</div>
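<p>Added example, not part of the original note: a small Python script that builds, offline, the bulk body Filebeat would send for a few constructed eve.json lines, counts the event types, and derives the Basic auth header from the "doesntmatter" username and a placeholder token. The action line is simplified relative to what Filebeat emits, and the sample records are constructed, not captured from a sensor.</p>

```python
"""Offline preview of what the Filebeat setup above ships to Humio.
Filebeat's log input puts each raw eve.json line in a "message" field and
posts an NDJSON bulk body (action line, then document line) to the
elastic-bulk endpoint, where Humio's json-for-action parser expands it.
Records below are constructed; the action line is simplified (no index name).
"""
import base64
import json

# Constructed eve.json content, including one truncated line of the kind a
# sensor that crashed or was rotated mid-write can leave behind.
SAMPLE_EVE_JSON = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"Constructed test rule","severity":2}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
"""

def build_bulk_body(text):
    """Return (ndjson_body, bad_line_count). Every non-empty line ships, as
    Filebeat does, but non-JSON lines are counted so truncation is noticed."""
    body, bad = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            json.loads(raw)
        except ValueError:
            bad += 1
        body.append(json.dumps({"index": {}}))
        body.append(json.dumps({"message": raw}))
    return "\n".join(body) + "\n", bad

def event_type_counts(text):
    """Count event_type values over the valid JSON lines: a quick check that
    the expected Suricata log types are actually being written."""
    counts = {}
    for raw in text.splitlines():
        try:
            rec = json.loads(raw)
        except ValueError:
            continue
        key = rec.get("event_type", "unknown")
        counts[key] = counts.get(key, 0) + 1
    return counts

def basic_auth_header(username, token):
    """Filebeat sends username/password as HTTP Basic auth; with Humio the
    password is the ingest token, which is why the username does not matter."""
    creds = base64.b64encode(f"{username}:{token}".encode()).decode()
    return "Basic " + creds
```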
</body>
</html>