cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

Forward Logstash logs to a secondary remote document store #497

Closed devilman85 closed 3 hours ago

devilman85 commented 5 hours ago

To the question... `Forward Logstash logs to a secondary remote document store? (y / N): y`

Having a cluster with 3 Elasticsearch data nodes and a Logstash machine, do I forward the data to my Logstash?

mmguero commented 3 hours ago

No, this is for forwarding to a secondary remote Elasticsearch instance in addition to Malcolm's primary OpenSearch/Elasticsearch instance. The logs go through Malcolm's Logstash pipeline prior to forwarding.
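To make the "in addition to" part of the answer concrete, here is an added illustration of what a Logstash output stage that fans every event out to two document stores looks like. This is example configuration written for this thread, not Malcolm's own pipeline: the host names, index name, certificate path and environment-variable names are assumed placeholders, and the three-node `hosts` list mirrors the cluster the question describes.

```logstash
# Added example, not Malcolm's pipeline. Events arrive here after the
# filter stage; Logstash runs every output block for each event, so the
# same document is written to both stores.
output {
  # Primary store (hostname, credentials and index name assumed)
  opensearch {
    hosts    => ["https://opensearch:9200"]
    index    => "malcolm-%{+YYYY.MM.dd}"
    user     => "${PRIMARY_USER}"        # read from the environment
    password => "${PRIMARY_PASSWORD}"
    ssl      => true
    cacert   => "/etc/logstash/certs/primary-ca.crt"
    ssl_certificate_verification => true
  }

  # Secondary remote store: the asker's three-node Elasticsearch cluster.
  # Listing every data node lets the plugin spread and retry requests.
  elasticsearch {
    hosts => [
      "https://es-data-1.example.internal:9200",
      "https://es-data-2.example.internal:9200",
      "https://es-data-3.example.internal:9200"
    ]
    index    => "malcolm-%{+YYYY.MM.dd}"
    user     => "${SECONDARY_USER}"      # a write-only role is enough here
    password => "${SECONDARY_PASSWORD}"
    ssl      => true
    cacert   => "/etc/logstash/certs/secondary-ca.crt"
    ssl_certificate_verification => true
  }
}
```

Two practical points follow from this shape. First, the secondary endpoint should be the cluster's HTTP API (or a coordinating node in front of it), not another Logstash, because the events have already been parsed and enriched by the time they reach the output stage. Second, both outputs live in one pipeline, so if the remote cluster becomes unreachable the retrying `elasticsearch` output applies backpressure to the whole pipeline and delays writes to the primary store as well; keep TLS verification on and use a least-privilege account, but also monitor the remote's availability so a secondary outage does not silently become a primary one.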