Logs from external server
Posted: Tue Aug 22, 2017 4:13 pm
by uma K
Hi,
I am trying to automatically deliver logs from an external server to my Nagios network (e.g. Cylance logs).
The external vendor says that they will be able to share logs through a syslog server.
Please let me know whether Nagios Log Server can be set as a syslog server.
Re: Logs from external server
Posted: Tue Aug 22, 2017 4:23 pm
by cdienger
NLS can receive syslog data and does by default on port 5544. So if you configure your devices to send syslog data to the NLS on port 5544 you should see the traffic in the dashboard without any further config.
Re: Logs from external server
Posted: Wed Aug 30, 2017 5:52 pm
by uma K
Is it mandatory to use only port 5544?
Or can syslog be configured on any other port to receive external logs?
Re: Logs from external server
Posted: Wed Aug 30, 2017 6:20 pm
by uma K
And we would want to get the logs with some secured token.
Is it possible to generate a secured token to receive logs in secured mode?
Otherwise, please suggest the best option.
Re: Logs from external server
Posted: Thu Aug 31, 2017 10:27 am
by cdienger
Are you looking to encrypt the communication? The syslog input (the port is configurable, btw) doesn't offer this (https://www.elastic.co/guide/en/logstas ... yslog.html) but other inputs (https://www.elastic.co/guide/en/logstas ... ugins.html) like tcp and httpd do.
Re: Logs from external server
Posted: Thu Aug 31, 2017 11:39 am
by uma K
Yeah, I would like to encrypt the communication and receive syslog through SSL.
Re: Logs from external server
Posted: Thu Aug 31, 2017 4:09 pm
by cdienger
The tcp input would probably be your best bet then. For example:

    tcp {
        port => 4455
        ssl_enable => true
        ssl_cert => "/etc/ssl/certs/logstash.crt"
        ssl_key => "/etc/ssl/private/logstash.key"
    }

https://www.elastic.co/guide/en/logstas ... s-tcp.html has more details on the input. I believe the above will work but have not had time to test it. Please let me know if you have any questions or trouble setting it up.
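
To check the TLS-enabled tcp input from the sending side, this added example (not part of the original posts, and not Nagios or Cylance code) builds an RFC 3164 syslog line and sends it over a certificate-verified TLS connection. The host name `nls.example.com` and the CA file path are placeholders; port 4455 is the one from the post above.

```python
import socket
import ssl
from datetime import datetime

# Assumed values: the host name is a placeholder; port 4455 is from the post above.
NLS_HOST = "nls.example.com"
NLS_PORT = 4455


def format_syslog(msg, host, tag, when, facility=16, severity=6):
    """Build one RFC 3164 line, newline-terminated for the tcp input's default line codec."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    # RFC 3164 timestamps pad a single-digit day with a space, not a zero.
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    # An embedded newline would be split into separate events by the receiver.
    body = msg.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>{stamp} {host} {tag}: {body}\n".encode("utf-8")


def make_context(ca_file=None):
    """Client context that verifies the server certificate and its host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # CERT_REQUIRED and check_hostname=True are the defaults here


def send_line(line, host=NLS_HOST, port=NLS_PORT, ca_file=None, timeout=5.0):
    """Send one line over TLS and return the negotiated protocol version."""
    ctx = make_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(line)
            return tls.version()


if __name__ == "__main__":
    # Constructed sample event; ca_file is a placeholder for the CA (or the
    # self-signed certificate) that the client should trust for the listener.
    sample = format_syslog("test event", "sender01", "tlstest", datetime.now())
    print(send_line(sample, ca_file="/path/to/ca.crt"))
```

The tcp input delivers each line as a raw message, so the syslog fields still have to be parsed by a filter on the receiving side.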
Re: Logs from external server
Posted: Mon Oct 02, 2017 12:43 pm
by uma K
Thanks for the reply.
How can I generate a custom token from Nagios Log Server to share with my external log source?
Re: Logs from external server
Posted: Mon Oct 02, 2017 2:01 pm
by cdienger
I found https://help.sumologic.com/Send-Data/Ap ... or-Cylance - is this similar to the device you're trying to send logs from? The Custom Token appears to be unique for that device and I'm not sure what it needs there, but I don't think NLS will be able to provide it based on the input's available options.
What are the options available in the SIEM drop down? Is there something besides SumoLogic?
Re: Logs from external server
Posted: Tue Oct 03, 2017 7:55 pm
by uma K
These are the other options available for me