Closed ngms17 closed 3 years ago
Hi,
Seconding this query. I'd like to leverage logs from a Suricata instance on my network for threat hunting via HELK. In theory I assume I'd direct the Suricata logs to Elasticsearch; however, it doesn't look like the Elasticsearch running via Docker (I chose install option 3) is set to listen on any external network interface, unlike Kibana. Clarification around why this is and the best way to use Suricata logs with HELK would be appreciated.
@ngms17 @lucian-samosata they should now go to the logs index; you can send Beats to port 5044.
reopen if any other issues or questions.
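For anyone landing here with the same question: the reply above says to point a Beats shipper at HELK's port 5044 (the Logstash beats input). Below is an added example of a minimal Filebeat configuration that does that for Suricata's EVE JSON output. It is not part of the original thread and not HELK's or Suricata's own configuration; it assumes the default EVE log path `/var/log/suricata/eve.json`, and `HELK_HOST` is a placeholder for the address of your HELK instance.

```yaml
# Example filebeat.yml for shipping Suricata EVE logs to HELK (added example, not from the thread).
# Assumes Filebeat 7.x, Suricata writing eve.json at the default path, and a HELK host reachable on 5044.

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/suricata/eve.json        # default Suricata EVE output path (assumption)
    # Each eve.json line is one JSON object; decode it so fields such as
    # event_type, src_ip, dest_ip and alert.signature arrive as top-level fields
    # rather than as a single "message" string.
    json.keys_under_root: true
    json.add_error_key: true              # adds error.message when a line is not valid JSON
    # A simple tag so the events can be filtered in Kibana (hypothetical field name).
    fields:
      log_source: suricata
    fields_under_root: true

output.logstash:
  hosts: ["HELK_HOST:5044"]               # replace HELK_HOST with your HELK address (placeholder)
  # Note: the beats input on 5044 is Logstash, not Elasticsearch, which is why
  # Elasticsearch itself does not need to listen on an external interface.
```

Before starting the service, `filebeat test config -c filebeat.yml` validates the file and `filebeat test output -c filebeat.yml` checks that Filebeat can open a TCP connection to HELK_HOST:5044, which quickly separates a firewall or Docker port-mapping problem from a Logstash pipeline problem.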
Hi!
Is it possible to send Suricata logs via Filebeat?