This is more of an observation than a complaint; so far, it has been super simple to implement and use (much, much more straightforward than SecurityOnion or the whole Elastic stack).
The thing I could not find in the documentation was how to set up NXLog to send logs that Logstash could understand. I got the port, but it was missing the portion in which `to_json();` has to be added for it to work and for the data actually to be interpreted. Example below: