StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

SELKS/Suricata output to another probe or SOC #464

Open michal25 opened 1 month ago

michal25 commented 1 month ago

Is there an existing feature request that has already been created?

Is your feature request related to a problem? Please describe.

My question is: is it possible to forward SELKS/Suricata output to another probe or SOC?

The destination probe will mark the data as Probe1, Probe2, etc.

Search engines will find issues with the answer "yes", but no text about HOW. For example, snort / barnyard had this possibility and it was very useful.

Describe the solution you would like?

A URL to a manual on how to use the options in the suricata.yaml configuration file.

Alternative Solutions

No response

Additional Context

No response

pevma commented 1 month ago

Yes, you can do that on any Suricata install - just use Filebeat, for example, to forward the logs.
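A minimal Filebeat configuration for the setup described in this thread, added here as an illustration (it is not part of the issue or of the SELKS project): it ships Suricata's EVE JSON log from the probe to a central collector over TLS and stamps every event with a probe name so the receiving side can tell Probe1 from Probe2. The EVE path, the collector hostname/port and the certificate paths are assumptions for the example.

```yaml
# filebeat.yml on the SELKS/Suricata probe (constructed example, not from the issue)
filebeat.inputs:
  - type: filestream
    id: suricata-eve
    paths:
      - /var/log/suricata/eve.json        # default EVE output path, assumed
    parsers:
      - ndjson:
          target: ""                      # keep EVE fields at the top level
          add_error_key: true             # flag lines that are not valid JSON
    fields:
      probe: Probe1                       # label the SOC/destination probe can filter on
    fields_under_root: true

output.logstash:
  hosts: ["soc.example.internal:5044"]    # placeholder collector address
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]   # placeholder paths
  ssl.certificate: "/etc/filebeat/probe1.crt"
  ssl.key: "/etc/filebeat/probe1.key"
```

`filebeat test config` and `filebeat test output` verify the file and the TLS connection to the collector before the service is enabled.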