Support #2660
closed
Structuring fast.log and storing it in Elasticsearch
Added by Hao Han about 6 years ago.
Updated over 5 years ago.
Description
As we all know, eve.json can be output as JSON to Redis. Then Logstash can be used to pull the structured data from Redis to Elasticsearch.
I still need to store fast.log in Elasticsearch as well. How can I structure fast.log and output the structured data to Elasticsearch?
Out of curiosity: why would you want this? The eve.alert records are trivial to pass to ES; with fast.log you will need to do some kind of parsing before passing it to ES somehow.
Victor Julien wrote:
Out of curiosity: why would you want this? The eve.alert records are trivial to pass to ES; with fast.log you will need to do some kind of parsing before passing it to ES somehow.
Thanks for your replies. We want to visualize Suricata's alerts with Kibana.
I'm not sure I understand why you wouldn't just use the EVE alert records for this.
- Status changed from New to Closed
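To show what the "some kind of parsing" above involves, here is an added example (not from this ticket or from the Suricata project): a small Python converter that maps fast.log lines to EVE-alert-shaped JSON documents, the form Logstash can ship to Elasticsearch. It assumes the standard fast.log line layout and, since fast.log timestamps carry no timezone, treats them as the sensor's local time; the sample lines are constructed.

```python
import re
from datetime import datetime

# Standard fast.log line layout; the [Drop] action tag is optional.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[(?P<action>w?Drop)\]\s+)?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<category>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src_ip>\S+):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dest_ip>\S+):(?P<dest_port>\d+)\s*$"
)

def parse_fast_log_line(line):
    """Map one fast.log line to an EVE-alert-shaped dict (None if no match)."""
    m = FAST_LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    f = m.groupdict()
    # Assumption: no timezone in fast.log, so the timestamp is sensor local time.
    ts = datetime.strptime(f["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    return {
        "timestamp": ts.isoformat(),
        "event_type": "alert",
        "src_ip": f["src_ip"], "src_port": int(f["src_port"]),
        "dest_ip": f["dest_ip"], "dest_port": int(f["dest_port"]),
        "proto": f["proto"],
        "alert": {
            "action": "blocked" if f["action"] else "allowed",
            "gid": int(f["gid"]), "signature_id": int(f["sid"]), "rev": int(f["rev"]),
            "signature": f["msg"], "category": f["category"] or "",
            "severity": int(f["priority"]),
        },
    }

def fast_log_to_docs(lines):
    """Parse many lines; returns (docs, rejected) so nothing is dropped silently."""
    parsed = [parse_fast_log_line(l) for l in lines]
    return ([d for d in parsed if d], [l for l, d in zip(lines, parsed) if d is None])

# Constructed sample lines in fast.log layout (not taken from a real sensor).
SAMPLE = [
    "07/01/2014-06:19:52.179400  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.2.22:3306 -> 192.168.2.1:51104",
    "07/01/2014-06:20:01.000001  [**] [Drop] [1:2000001:1] TEST drop rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.5:5353 -> 224.0.0.251:5353",
    "not a fast.log line at all",
]
```

Each dict can be serialised with json.dumps as one line of NDJSON for Logstash; the rejected list is what a real deployment should log or alert on, since fast.log is not a stable machine format.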