stamparm / maltrail

Malicious traffic detection system
MIT License

[Feature Request] Support for multiple lines of SYSLOG_SERVER= and LOGSTASH_SERVER= options #15164

Open MikhailKasimov opened 3 years ago

MikhailKasimov commented 3 years ago

Hello!

Subj

E.g.:

SYSLOG_SERVER=192.168.1.15:514
SYSLOG_SERVER_1=192.168.1.16:514
SYSLOG_SERVER_2=192.168.1.17:514

...

LOGSTASH_SERVER=192.168.1.15:5000
LOGSTASH_SERVER_1=192.168.1.16:5000
LOGSTASH_SERVER_2=192.168.1.17:5000

to send info simultaneously to various log-servers\SIEMs.

EugeneFenko commented 2 years ago

Hi, I'm trying to set up two logstash servers in the maltrail.conf for sensor configuration, but it's not working.

Here is an example:

LOGSTASH_SERVER 192.168.0.10:3514 - it works
LOGSTASH_SERVER_1 192.168.0.11:3514 - it doesn't work

By the way, test logs were delivered successfully from the sensor to the second log server.

@MikhailKasimov @stamparm help please🙏