Netgate Discussion Forum

    sending zeek logs via syslog or filebeat

    • darrell.miller

      Anyone have any luck getting Zeek logs to send through syslog, or a good reliable walkthrough for getting Filebeat onto pfSense?

      I haven't had much luck; any suggestions would be appreciated.

      • l.marques @darrell.miller

        @darrell-miller Have you figured it out yet? I am in this same crusade.

        • l.marques @l.marques

          If anyone else is trying to do that, use syslog-ng; it is a package that can be added from the web interface. You will have to study how to send it to the network though, but it is not hard.

          • theish

            Looking at this myself, haven't tested yet though.

            Appears that syslog-ng (an available package) will collect messages from text files. So, similar to Filebeat or splunkd, it should be able to read the files in from /usr/local/logs/current/. for remote delivery.

            https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.17/administration-guide/18#TOPIC-989607

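The file-tailing approach suggested in the last two posts, written out as a syslog-ng configuration fragment. This is an added example, not something posted in the thread or taken from Netgate's documentation. It assumes the Zeek log directory named in the post above, uses the placeholder collector address 192.0.2.10 on TCP port 514, and would have to be entered as source, filter, destination and log objects in whatever form the pfSense syslog-ng package expects.

```conf
# Added example (not from the thread). Assumptions are marked below.

# Tail every Zeek log in the directory mentioned in the post above.
source s_zeek {
    wildcard-file(
        base-dir("/usr/local/logs/current")   # path taken from the post
        filename-pattern("*.log")             # conn.log, dns.log, ...
        recursive(no)
        follow-freq(1)                        # poll for new lines every second
        flags(no-parse)                       # lines are Zeek records, not syslog
        program-override("zeek")              # tag forwarded lines as "zeek"
    );
};

# Zeek's default TSV logs start with "#separator", "#fields", "#types", ...
# header lines; drop them so only data records are forwarded.
filter f_zeek_data {
    not message("^#");
};

# Remote collector. 192.0.2.10 and port 514 are placeholders.
# Plain TCP exposes connection metadata to anyone on the path; use
# transport("tls") with a tls() block where the collector supports it.
destination d_collector {
    network(
        "192.0.2.10"
        port(514)
        transport("tcp")
        # Prefix each record with the file it came from, so conn.log and
        # dns.log lines can be told apart on the receiving side.
        template("<${PRI}>${ISODATE} ${HOST} ${PROGRAM}: ${FILE_NAME} ${MESSAGE}\n")
    );
};

log {
    source(s_zeek);
    filter(f_zeek_data);
    destination(d_collector);
};
```

If Zeek is set to write JSON instead of TSV, the `#` header filter matches nothing and can be left out.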
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.