Packetbeat: Sending to Nagios Log Server
Posted: Fri Mar 05, 2021 8:03 am
by nlh
Hi
Has anyone used Packetbeat from Elasticsearch to send network logs to Nagios Log Server?
If so, what did you do?
Been trawling the internet and not found anything yet.
Thanks, N
Re: Packetbeat: Sending to Nagios Log Server
Posted: Fri Mar 05, 2021 8:55 am
by nlh
I guess it might be easier to try and say what I want to do.
I'm looking to monitor when things are transferred off a server somewhere else. Nothing fancier than that.
Re: Packetbeat: Sending to Nagios Log Server
Posted: Fri Mar 05, 2021 6:30 pm
by ssax
Fair warning, I've never used this before.
I installed packetbeat on a Linux server:
https://www.elastic.co/guide/en/beats/p ... ation.html
I disabled the elasticsearch output in /etc/packetbeat/packetbeat.yml and enabled the logstash one:
Code:
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
  # Protocol - either `http` (default) or `https`.
  #protocol: "https"
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"
# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.X.X:5044"]
Then I ran these commands on the Linux system:
Code:
packetbeat setup -e
sudo service packetbeat start
Then I added this under inputs in Nagios Log Server:
Save and apply and they were coming in.
I assume that will send in a TON of data and increase the size of your indexes in Nagios Log Server, so I would keep an eye on how it impacts your system. You would need to reach out to Elastic for support on the packetbeat utility and customizing it to your needs.
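For the stated goal of spotting data leaving a server, the sketch below totals the bytes one server sent to each peer from Packetbeat flow events. It is an added example, not part of the original posts or of Packetbeat or Nagios Log Server. It assumes the events are available as JSON lines carrying Packetbeat's flow fields (type, flow.id, source.ip, source.bytes, destination.ip, destination.bytes); the sample events, the server address and the threshold are constructed.

```python
import json
from collections import defaultdict

# Constructed sample events (not from the thread), shaped like Packetbeat flow
# documents: "source" is the side that opened the flow, byte counters are per side.
SAMPLE_EVENTS = """\
{"type":"flow","flow":{"id":"f1","final":false},"source":{"ip":"10.0.0.5","bytes":4000000},"destination":{"ip":"203.0.113.9","bytes":20000}}
{"type":"flow","flow":{"id":"f1","final":true},"source":{"ip":"10.0.0.5","bytes":9000000},"destination":{"ip":"203.0.113.9","bytes":41000}}
{"type":"flow","flow":{"id":"f2","final":true},"source":{"ip":"198.51.100.7","bytes":3000},"destination":{"ip":"10.0.0.5","bytes":6000000}}
{"type":"dns","source":{"ip":"10.0.0.5","bytes":80},"destination":{"ip":"10.0.0.1","bytes":120}}
{"type":"flow","flow":{"id":"f3","final":true},"source":{"ip":"10.0.0.5","bytes":1500},"destination":{"ip":"10.0.0.8","bytes":900}}
not json
"""

def bytes_sent_by(server_ip, lines):
    """Return {peer_ip: bytes the server sent to that peer}, from flow events."""
    per_flow = {}  # flow id -> (peer, bytes sent by the server)
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict) or ev.get("type") != "flow":
            continue  # only flow events carry the per-side byte counters used here
        src, dst = ev.get("source", {}), ev.get("destination", {})
        if src.get("ip") == server_ip:      # server opened the connection
            peer, sent = dst.get("ip"), src.get("bytes", 0)
        elif dst.get("ip") == server_ip:    # peer connected in and pulled data
            peer, sent = src.get("ip"), dst.get("bytes", 0)
        else:
            continue
        fid = ev.get("flow", {}).get("id")
        # Assumption: counters are cumulative per flow, so keep the largest seen.
        prev = per_flow.get(fid, (peer, 0))[1]
        per_flow[fid] = (peer, max(prev, sent))
    totals = defaultdict(int)
    for peer, sent in per_flow.values():
        totals[peer] += sent
    return dict(totals)

def large_transfers(server_ip, lines, threshold):
    """Peers that received at least `threshold` bytes from the server, sorted."""
    totals = bytes_sent_by(server_ip, lines)
    return sorted((p, b) for p, b in totals.items() if b >= threshold)

if __name__ == "__main__":
    for peer, sent in large_transfers("10.0.0.5", SAMPLE_EVENTS.splitlines(), 5_000_000):
        print(f"{peer} received {sent} bytes from 10.0.0.5")
```

Handling both directions matters because a transfer pulled by an inbound connection shows up in destination.bytes rather than source.bytes.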
Re: Packetbeat: Sending to Nagios Log Server
Posted: Thu Mar 11, 2021 3:05 am
by nlh
Thank you, will give it a go!
Re: Packetbeat: Sending to Nagios Log Server
Posted: Thu Mar 11, 2021 10:38 am
by cdienger
Sounds good! Keep us posted.