cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

replace logstash with fluentd #481

Open mmguero opened 1 week ago

mmguero commented 1 week ago

@mmguero cloned issue idaholab/Malcolm#103 on 2022-06-08:

Now that we're not using Elastic any more, it may make sense to replace Logstash with fluentd. See #102 for the client side of things. There is a lot of logic surrounding the logstash pipelines, though. We may decide to keep logstash (for now at least) as there is an official OpenSearch output plugin for it, even if we decide to move away from beats.

mmguero commented 1 week ago

@mmguero commented on 2023-06-15:

If/when we decide to do this, actually Fluent Bit with [Lua](https://docs.fluentbit.io/manual/pipeline/filters/lua) scripting will be the way we go, I think.
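To make the suggestion above concrete, here is an added example (not Malcolm's code, and not something from the issue) of the kind of Fluent Bit Lua filter that would take over a small piece of what a Logstash pipeline does for Zeek `conn.log` records: validate the record, prefer Zeek's own timestamp, add ECS-style aliases, and flag one condition. The tag `zeek.conn`, the function name `cb_zeek_conn`, the `conn.long_lived` threshold and the `[FILTER]` stanza are all assumptions for illustration; the Fluent Bit Lua return codes (-1 drop, 0 keep, 1 record and timestamp modified) are from the Fluent Bit documentation.

```lua
-- Added example, not part of Malcolm: Fluent Bit Lua filter for Zeek conn.log.
-- Assumes a tail input with a JSON parser tagging records as zeek.conn.
--
-- Matching Fluent Bit configuration stanza (assumed for this example):
-- [FILTER]
--     Name   lua
--     Match  zeek.*
--     script zeek_conn.lua
--     call   cb_zeek_conn

-- Copy a field under a second name if it is present (keeps the original).
local function copy_field(record, src, dst)
  local v = record[src]
  if v ~= nil then
    record[dst] = v
  end
end

function cb_zeek_conn(tag, timestamp, record)
  -- Drop records that are not Zeek conn events with a usable 5-tuple;
  -- downstream dashboards assume these keys exist.
  if record["id.orig_h"] == nil or record["id.resp_h"] == nil then
    return -1, timestamp, record   -- -1: drop the record
  end

  -- Prefer Zeek's event time (epoch seconds) over Fluent Bit's ingest time
  -- so late-shipped PCAP-derived logs land at the right point in time.
  local ts = tonumber(record["ts"])
  if ts ~= nil then
    timestamp = ts
  end

  -- ECS-style aliases so queries don't depend on Zeek's dotted field names.
  copy_field(record, "id.orig_h", "source.ip")
  copy_field(record, "id.orig_p", "source.port")
  copy_field(record, "id.resp_h", "destination.ip")
  copy_field(record, "id.resp_p", "destination.port")

  -- Flag long-lived connections; the one-hour threshold is an example value.
  local duration = tonumber(record["duration"])
  if duration ~= nil and duration > 3600 then
    record["conn.long_lived"] = true
  end

  record["event.dataset"] = "zeek.conn"
  return 1, timestamp, record      -- 1: record and timestamp were modified
end
```

The filter is deliberately side-effect free and only reads fields it checks for first, which is the property that makes a Lua filter easy to test outside Fluent Bit: load the script in a standalone Lua interpreter, call `cb_zeek_conn("zeek.conn", 0, sample)` with a decoded conn record, and inspect the returned table. Dropping malformed records here (return code -1) rather than in the output plugin keeps the OpenSearch index from collecting documents that lack the fields the Malcolm-style dashboards key on.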

mmguero commented 1 week ago

@mmguero commented on 2023-06-15:

https://docs.fluentbit.io/manual/about/fluentd-and-fluent-bit