Suricata related question

Open ngms17 opened this issue 4 years ago • 1 comments

Hi!

It is possible to have a second server only running suricata and install rockNSM on another and fetch the logs via Filebeat?

Or, it must be all local?

Cheers!

Mar 17 '21 16:03 ngms17

You need to reconfigure elastic to have a listener on the network or tunnel the filebeat traffic to the machine.

But it is possible.

You may also consider a multi-node setup such as documented.

Mar 25 '21 06:03 JLT032