Hi,
I am trying to automatically deliver logs from an external server to my Nagios network (e.g. Cylance logs).
The external vendor says that they will be able to share logs through a syslog server.
Please help me: can Nagios Log Server be set up as a syslog server?
Logs from external server
Re: Logs from external server
NLS can receive syslog data and does by default on port 5544. So if you configure your devices to send syslog data to the NLS on port 5544 you should see the traffic in the dashboard without any further config.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Logs from external server
Is it mandatory to use only port 5544?
Or can syslog be configured on any other port to receive external logs?
Re: Logs from external server
And we would want to get the logs with some secured token.
Is it possible to generate a secured token to receive logs in secured mode?
Otherwise, please suggest the best option.
Re: Logs from external server
Are you looking to encrypt the communication? The syslog input (the port is configurable btw) doesn't offer this (https://www.elastic.co/guide/en/logstas ... yslog.html) but other inputs (https://www.elastic.co/guide/en/logstas ... ugins.html) like tcp and httpd do.
Re: Logs from external server
Yeah, I would like to encrypt the communication and receive syslog through SSL.
Re: Logs from external server
The tcp input would probably be your best bet then. For example:

    tcp {
        port => 4455
        ssl_enable => true
        ssl_cert => "/etc/ssl/certs/logstash.crt"
        ssl_key => "/etc/ssl/private/logstash.key"
    }

https://www.elastic.co/guide/en/logstas ... s-tcp.html has more details on the input. I believe the above will work but have not had time to test it. Please let me know if you have any questions or trouble setting it up.
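A sender-side check for the TLS-enabled tcp input suggested in the post above, added here as an example (it is not part of the original thread and is not Nagios code). It builds one RFC 5424 syslog line and sends it over a connection that verifies the server certificate; the host name `nls.example.com`, the CA file path and the function names are assumptions, and port 4455 is taken from the post.

```python
import socket
import ssl
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16   # syslog facility code (RFC 5424)
SEVERITY_INFO = 6      # syslog severity code (RFC 5424)

def build_syslog_line(host, app, msg, when=None):
    """Return one newline-terminated RFC 5424 syslog line as bytes."""
    when = when or datetime.now(timezone.utc)
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO   # PRI = facility * 8 + severity
    ts = when.strftime("%Y-%m-%dT%H:%M:%SZ")    # 'when' is expected in UTC
    # Strip raw line breaks: a line-oriented receiver would otherwise
    # split one message into two events.
    msg = msg.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}\n".encode("utf-8")

def make_tls_context(ca_file=None):
    """Client context that verifies the server certificate and host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def send_test_event(server, port, ca_file, msg):
    """Open a verified TLS connection, send one event, return the TLS version."""
    ctx = make_tls_context(ca_file)
    with socket.create_connection((server, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(build_syslog_line("test-sender", "tlscheck", msg))
            return tls.version()

if __name__ == "__main__":
    # Constructed values: replace with your own server name and CA file.
    print(send_test_event("nls.example.com", 4455, "/path/to/ca.crt",
                          "TLS input test event"))
```

If the listener uses a self-signed certificate, that certificate file itself can be passed as `ca_file`, provided its subject name matches the server name the sender connects to.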
Re: Logs from external server
Thanks for the reply.
How can I generate a custom token from Nagios Log Server to share with my external log source?
Re: Logs from external server
I found https://help.sumologic.com/Send-Data/Ap ... or-Cylance. Is this similar to the device you're trying to send logs from? The Custom Token appears to be unique for that device and I'm not sure what it needs there, but I don't think NLS will be able to provide it based on the input's available options.
What are the options available in the SIEM drop down? Is there something besides SumoLogic?
Re: Logs from external server
These are the other options available for me