Netgate Discussion Forum

    External log capability in Suricata/snort??

    3 Posts 2 Posters 371 Views
Cool_Corona:

      Hi there

      Looking to export IDS/IPS logs to an external server. Any ideas??

Thinking of building a heatmap on elasticsearch for visualizing the logs and being able to show them on a specific IP.

bmeeks:

        The only external export methods currently supported are syslog (in both packages) and Redis (in Suricata only). Most exporting from Suricata depends on the EVE JSON logging options being enabled.

        I strongly discourage the use of the Barnyard2 option as that package has not been maintained and hasn't been updated in FreeBSD ports in years. I plan to remove it from both Snort and Suricata in the near future due to security vulnerabilities in the MySQL database client dependency it drags in.

        Although there is no official pfSense GUI package for it, there is a logstash-forwarder port in FreeBSD ports that might work for you to get Suricata data over to an ELK stack.

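Added example, not from this thread or the pfSense packages: a small Python consumer for the EVE JSON alert records that Suricata's syslog output emits, aggregating them into the per-source-IP, per-hour counts a heatmap would plot and shaping them for Elasticsearch's `_bulk` API. It assumes each syslog line carries a `suricata[pid]:` tag in front of the JSON payload; the sample lines, hostname and signature IDs below are constructed.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: EVE JSON records as Suricata's syslog output delivers
# them, one RFC 3164-style line each (hostname, tag and sids are made up; the
# third line is a non-alert "flow" event to show that it must be filtered out).
SAMPLE_SYSLOG = """\
<173>Mar 10 08:15:02 pfSense suricata[12345]: {"timestamp":"2025-03-10T08:15:02.123456+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL constructed alert A","severity":1}}
<173>Mar 10 08:47:55 pfSense suricata[12345]: {"timestamp":"2025-03-10T08:47:55.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.11","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL constructed alert A","severity":1}}
<173>Mar 10 09:03:11 pfSense suricata[12345]: {"timestamp":"2025-03-10T09:03:11.000000+0000","event_type":"flow","src_ip":"198.51.100.4","dest_ip":"192.0.2.10","proto":"UDP"}
<173>Mar 10 09:20:40 pfSense suricata[12345]: {"timestamp":"2025-03-10T09:20:40.000000+0000","event_type":"alert","src_ip":"198.51.100.4","dest_ip":"192.0.2.10","proto":"UDP","alert":{"signature_id":1000002,"rev":1,"signature":"LOCAL constructed alert B","severity":2}}
"""

# Everything after the "suricata[pid]: " tag is the EVE JSON document.
SYSLOG_RE = re.compile(r"^<\d{1,3}>.*?suricata\[\d+\]: (\{.*\})\s*$")

def parse_eve_syslog(text):
    """Yield EVE records from syslog lines; lines without a valid JSON payload are skipped."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            try:
                yield json.loads(m.group(1))
            except json.JSONDecodeError:
                pass  # truncated payload: syslog transports impose a message-size limit

def alert_heatmap(records):
    """Count alerts per (src_ip, hour of day): one heatmap cell per key."""
    cells = Counter()
    for rec in records:
        if rec.get("event_type") != "alert":
            continue  # EVE also carries flow/dns/http/... events when those types are enabled
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        cells[(rec["src_ip"], ts.hour)] += 1
    return cells

def to_es_bulk(records, index="suricata-alerts"):
    """Render alert records as an Elasticsearch _bulk NDJSON body (action line, then document)."""
    lines = []
    for rec in records:
        if rec.get("event_type") == "alert":
            lines.append(json.dumps({"index": {"_index": index}}))
            lines.append(json.dumps(rec))
    return "\n".join(lines) + "\n"
```

Feed `alert_heatmap(parse_eve_syslog(open("/var/log/suricata-eve.log").read()))` the file your syslog server writes and each key is one cell; the `_bulk` body can be POSTed to Elasticsearch as-is.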
Cool_Corona:

Thanks :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.