4. External log capability in Suricata/snort??

External log capability in Suricata/snort??

  • C

    Hi there

    Looking to export IDS/IPS logs to an external server. Any ideas??

    Thinking of building a heatmap on elasticsearch for visualizing the logs and beeing able to show them on a specific IP.

    0

  • The only external export methods currently supported are syslog (in both packages) and Redis (in Suricata only). Most exporting from Suricata depends on the EVE JSON logging options being enabled.

    I strongly discourage the use of the Barnyard2 option as that package has not been maintained and hasn't been updated in FreeBSD ports in years. I plan to remove it from both Snort and Suricata in the near future due to security vulnerabilities in the MySQL database client dependency it drags in.

    Although there is no official pfSense GUI package for it, there is a logstash-forwarder port in FreeBSD ports that might work for you to get Suricata data over to an ELK stack.

    1
  • C

    Thks :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy