Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    External log capability in Suricata/snort??

    IDS/IPS
    2
    3
    113
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Cool_Corona last edited by

      Hi there

      Looking to export IDS/IPS logs to an external server. Any ideas??

      Thinking of building a heatmap on elasticsearch for visualizing the logs and beeing able to show them on a specific IP.

      1 Reply Last reply Reply Quote 0
      • bmeeks
        bmeeks last edited by bmeeks

        The only external export methods currently supported are syslog (in both packages) and Redis (in Suricata only). Most exporting from Suricata depends on the EVE JSON logging options being enabled.

        I strongly discourage the use of the Barnyard2 option as that package has not been maintained and hasn't been updated in FreeBSD ports in years. I plan to remove it from both Snort and Suricata in the near future due to security vulnerabilities in the MySQL database client dependency it drags in.

        Although there is no official pfSense GUI package for it, there is a logstash-forwarder port in FreeBSD ports that might work for you to get Suricata data over to an ELK stack.

        1 Reply Last reply Reply Quote 1
        • C
          Cool_Corona last edited by

          Thks :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy