Security Onion 2.3
Logs

Once logs are generated by network sniffing processes or endpoints, where do they go? How are they parsed? How are they stored? That’s what we’ll discuss in this section.

  • Ingest
    • Import
    • Eval
    • Standalone
    • Fleet Standalone
    • Manager (separate search nodes)
    • Manager Search
    • Heavy
    • Search
    • Forward
  • Filebeat
    • Configuration
    • Diagnostic Logging
    • Modules
    • More Information
  • Logstash
    • Configuration
    • Parsing
    • Adding New Logs
    • Logstash Parsing
    • Forwarding Events to an External Destination
    • Original Event Forwarding
    • Modified Event Forwarding
    • Queue
    • Diagnostic Logging
    • Errors
    • More Information
  • Redis
    • Queue
    • Tuning
    • Diagnostic Logging
    • More Information
  • Elasticsearch
    • Querying
    • Authentication
    • Diagnostic Logging
    • Storage
    • Parsing
    • Templates
    • Community ID
    • Configuration
    • Closing Indices
    • Deleting Indices
    • Distributed Deployments
    • Re-indexing
    • Clearing
    • GeoIP
    • More Information
  • ElastAlert
    • Configuration
    • Diagnostic Logging
    • More Information
  • Curator
    • Configuration
    • Creating Actions
    • Diagnostic Logging
    • Curator vs Index Lifecycle Management (ILM)
    • More Information
  • Data Fields
    • ECS
    • Fields
    • Template files
  • Alert Data Fields
  • Elastalert Fields
  • Zeek Fields
  • Community ID
    • More Information
  • Re-Indexing
  • SOC Logs
    • SOC Auth Logs
  • Other Supported Logs
    • Example: pfSense
    • Example: RITA
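The Filebeat, Logstash, Elasticsearch, Data Fields (ECS) and Community ID entries above describe a pipeline in which raw sensor records are parsed, normalized to ECS field names and tagged with a Community ID so that Zeek and Suricata records for the same flow can be joined in Elasticsearch. The block below is an added example, not Security Onion's own Logstash or ingest configuration: it implements the Community ID v1 hash (seed, ordered address pair, protocol, zero pad, ordered port pair, SHA-1, base64) for TCP/UDP/SCTP, and maps a constructed Zeek conn JSON record into ECS-style field names. The sample log line, the field mapping and the function names are this example's own assumptions; the ICMP type/code mapping that the Community ID spec also defines is deliberately left out.

```python
"""Added example: Community ID v1 plus a Zeek conn -> ECS field mapping.
Not Security Onion's own pipeline code; names and sample data are assumptions."""
import base64
import hashlib
import ipaddress
import json
import struct
from datetime import datetime, timezone

# Protocols for which Community ID v1 hashes the port pair. ICMP/ICMPv6 use a
# type/code mapping in the spec and are intentionally not handled here.
PORT_PROTOCOLS = {6: "tcp", 17: "udp", 132: "sctp"}
PROTO_NUMBERS = {name: num for num, name in PORT_PROTOCOLS.items()}


def community_id(saddr, daddr, proto, sport, dport, seed=0):
    """Return "1:" + base64(sha1(seed | addr1 | addr2 | proto | 0x00 | port1 | port2)).

    Both directions of a flow must hash to the same value, so the endpoints
    are put in canonical order first: the lower (address, port) pair leads.
    """
    if proto not in PORT_PROTOCOLS:
        raise ValueError(f"unsupported protocol number {proto}")
    s = ipaddress.ip_address(saddr).packed
    d = ipaddress.ip_address(daddr).packed
    if len(s) != len(d):
        raise ValueError("mixed IPv4/IPv6 endpoints")
    # Ordered when saddr < daddr (byte-wise, network order), or when the
    # addresses are equal and sport < dport; otherwise swap both ends.
    if not (s < d or (s == d and sport < dport)):
        s, d, sport, dport = d, s, dport, sport
    data = struct.pack("!H", seed) + s + d + struct.pack("!BBHH", proto, 0, sport, dport)
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


# Constructed Zeek conn.log record in JSON form (sample data, not a real capture).
SAMPLE_CONN_LOG = (
    '{"ts":1673000000.123,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"192.168.1.10",'
    '"id.orig_p":51324,"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp",'
    '"service":"ssl","duration":1.2,"orig_bytes":1500,"resp_bytes":8200,'
    '"conn_state":"SF"}'
)


def zeek_conn_to_ecs(line):
    """Map one Zeek conn JSON line to a flat dict of ECS-style field names.

    Zeek's orig/resp become ECS source/destination; the Community ID is added
    under network.community_id so Suricata records (which carry the same hash
    for the same flow) can be correlated with it.
    """
    rec = json.loads(line)
    proto_name = rec["proto"]
    ecs = {
        "@timestamp": datetime.fromtimestamp(rec["ts"], tz=timezone.utc).isoformat(),
        "event.dataset": "zeek.conn",          # assumed dataset name
        "source.ip": rec["id.orig_h"],
        "source.port": rec["id.orig_p"],
        "destination.ip": rec["id.resp_h"],
        "destination.port": rec["id.resp_p"],
        "network.transport": proto_name,
        "zeek.uid": rec["uid"],                 # assumed non-ECS field name
    }
    if proto_name in PROTO_NUMBERS:
        ecs["network.community_id"] = community_id(
            rec["id.orig_h"], rec["id.resp_h"], PROTO_NUMBERS[proto_name],
            rec["id.orig_p"], rec["id.resp_p"])
    if "orig_bytes" in rec:
        ecs["source.bytes"] = rec["orig_bytes"]
    if "resp_bytes" in rec:
        ecs["destination.bytes"] = rec["resp_bytes"]
    if "service" in rec:
        ecs["network.protocol"] = rec["service"]
    if "conn_state" in rec:
        ecs["zeek.conn.state"] = rec["conn_state"]   # assumed field name
    return ecs


def same_flow(ecs_a, ecs_b):
    """True when two normalized records carry the same Community ID."""
    return ecs_a.get("network.community_id") == ecs_b.get("network.community_id")


if __name__ == "__main__":
    ecs = zeek_conn_to_ecs(SAMPLE_CONN_LOG)
    # A record seen from the responder's side (e.g. a Suricata alert on the
    # reply) yields the same hash, which is the whole point of the ordering.
    reverse = community_id("93.184.216.34", "192.168.1.10", 6, 443, 51324)
    print(json.dumps(ecs, indent=2))
    print("reverse direction matches:", reverse == ecs["network.community_id"])
```

The ordering step is the part worth checking in any home-grown implementation: if the comparison is done on dotted-quad strings instead of packed bytes, or the ports are not swapped together with the addresses, the two sides of a connection hash to different IDs and the Zeek-to-Suricata join silently fails.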
© Copyright 2023 Revision e13319ea.