sof-elk

sof-elk copied to clipboard

install the LS Google pub/sub input plugin and provide instructions on getting data from GCP. "Option 2" here: https://cloud.google.com/solutions/exporting-stackdriver-logging-elasticsearch#configure_logstash Requires plugin addition: https://www.elastic.co/guide/en/logstash/7.11/plugins-inputs-google_pubsub.html Configuration files will need to include a...

philhagen

use json output for nfdump data files

1

The JSON output mode for `nfdump` should provide a better (faster?) and more streamlined processing pipeline than CSV. Some sample records are below. One potential optimization that would be useful...

philhagen

Is SOF-ELK able to ingest SonicWall syslogs?

jcclare

Uploading IIS Logs

2

Hi Phil, Is there a way to manually upload IIS logs instead of ingesting using FileBeat? I noticed the httpd directory only accepts apache logs. Cheers

tiny-diamond

6601-plaso.conf windows events failing grok

3

Hi, Currently working on importing plaso timeline csv into ELK, but it seems that not all events get their event id, computername,.. extracted out of it. Will try to fix...

TjebbeVQ

Multiple ES outputs results in resource overuse, per Elastic's guidance. Merge all ES outputs to one, using a variable for the index name, e.g. `index => "%{something}-%{+YYYY.MM.dd}"`

philhagen

Create Community ID field for NetFlow

4

See https://github.com/corelight/community-id-spec

philhagen

all ruby scripts used by Logstash parsers need tests added

philhagen

Request: Update Script

2

Have the update script let you know if you need to download the new VM version.

PowerPress

consider EvtxToElk

3

See https://dragos.com/blog/20180717EvtxToElk.html

philhagen