Closed PaulTheHelk closed 3 years ago
HELK supports all Beats input via Logstash port 5044. See the design here: https://github.com/Cyb3rWard0g/HELK/blob/master/docs/images/LOGSTASH-Design.png
So all you should need to do is set the Logstash output in Packetbeat to the HELK IP via port 5044.
Let me know if that helps.
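The output change described in the reply above, as an added example that is not part of the original thread: the output section of packetbeat.yml, where 192.0.2.10 is a placeholder for the HELK host's IP address.

```yaml
# packetbeat.yml (output section only). Added example, not from the thread.
# 192.0.2.10 is a placeholder; replace it with the HELK host's IP address.

# Beats accepts only one enabled output, so the Elasticsearch output
# that the default packetbeat.yml enables is commented out here.
#output.elasticsearch:
#  hosts: ["localhost:9200"]

# Send events to the Logstash Beats input that HELK exposes on port 5044.
output.logstash:
  hosts: ["192.0.2.10:5044"]
```

Running packetbeat test config and then packetbeat test output checks the file and the connection to port 5044 before the service is started.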
Feel free to re-open this issue, @PaulTheHelk. Port 5044 should do it.
Hello there, I am very new to Docker and ELK, just learning, so sorry for the questions. I am trying to attach Packetbeat on a Windows box to the HELK (Linux box). Normally I use Elastic as the output for Packetbeat, which is configured in the packetbeat.yml.
When I do a packetbeat setup -e, the error is that the remote host denies the connection.
I defined the IP for Elastic and the port --> no success.
I defined the username for Elastic --> no success.
I don't know the password for Elasticsearch; it wasn't displayed during the installation. I believe it's set to localhost only, which seems to be normal. I also tried to deliver to Kafka, as it works for Winlogbeat, but the error message here says index management is requested but elasticsearch output is disabled, which to me means I need Elasticsearch as the output, not Kafka.
How can I attach Packetbeat to Elastic? Where can I see the Elastic user / password? Where can I see the settings for Elastic, I believe the elasticsearch.yml file? I was not able to locate it.
Thanks in advance