Packetbeat: Sending to Nagios Log Server

[nlh]

Hi

Has anyone used Packetbeat from Elasticsearch to send network logs to Nagios Log Server?

If so, what did you do?

Been trawling the internet and not found anything yet.

Thanks, N

[nlh]

I guess it might be easier to try and say what I want to do.

I'm looking to monitor when things are transferred off a server somewhere else. Nothing fancier than that.

[ssax]

Fair warning, I've never used this before.

I installed packetbeat on a Linux server:

https://www.elastic.co/guide/en/beats/p ... ation.html

I disabled the elasticsearch output in /etc/packetbeat/packetbeat.yml and enabled the logstash one:

Code: Select all

#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.X.X:5044"]

Then I ran these commands on the linux system:

Code: Select all

packetbeat setup -e
sudo service packetbeat start

The I added this under inputs in Nagios Log Server:

Code: Select all

beats {
    port => 5044
}

Save and apply and they were coming in.

I assume that will send in a TON of data and increase the size of your indexes in Nagios Log Server so I would keep an eye on how it impacts your system, you would need to reach out to elastic for support on the packetbeat utility and customizing it to your needs.

[nlh]

Thank you will give it a go!

[cdienger]

Sounds good! Keep us posted.