botelastic[bot]
commented
1 year ago This issue doesn't have a Team:<team> label.
Closed Aqualie closed 2 weeks ago
botelastic[bot]
commented
1 year ago This issue doesn't have a Team:<team> label.
botelastic[bot]
commented
6 months ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
Describe the enhancement: At present the https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-suricata.html only supports local file however Suricata supports sending events over syslog as well. This request is for adding in support for syslog remote EVE logs https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html#eve-extensible-event-format Describe a specific use case for the enhancement or feature: Elastic-Agent & Filebeat are not being actively built & maintained for FreeBSD so the current workaround has been to stream logs to a elastic-agent/filebeat running remotely on a Linux based system. (i.e. https://docs.elastic.co/en/integrations/pfsense ). This works great but Suricata is not supported. I have Suricata running on a BSD system and need the ability to forward all it's logs to either elastic-agent or filebeat similarly how I am doing it for the pfsense plugin.