How to get syslog logs into securityonion 2.3? #2349
-
|
I have a single manager with four sensors and two search nodes, after running so-allow, which host am I supposed to send traffic to? I ran across this thread, but it doesn't answer my question directly, good start for syslog setup though: This link suggests they get sent to the individual sensor: |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
You can send syslog to any node (since every node type runs Filebeat, which is the syslog receiver). You just need to make sure the firewall allows the connection. |
Beta Was this translation helpful? Give feedback.
-
|
So there isn't any type of HA builtin? You have to pin certain syslog generators to whatever you deem is the most relevant node to accept it? Would a seperate nginx reverse proxy for syslog that uses all of the nodes as a backend be the way to go? |
Beta Was this translation helpful? Give feedback.
-
|
I can't get any logs from my devices to show up in SecurityOnion. I have opened up the firewall, I can see the traffic with tcpdump. But Kibana shows nothing. |
Beta Was this translation helpful? Give feedback.
-
|
@djeronimo You're replying to an old discussion from 2020. Instead of replying to old discussions, please start a new discussion. Thanks! |
Beta Was this translation helpful? Give feedback.
-
|
I Jave @dougburks. No replies yet. |
Beta Was this translation helpful? Give feedback.
You can send syslog to any node (since every node type runs Filebeat, which is the syslog receiver). You just need to make sure the firewall allows the connection.