Security Onion Documentation

Logs

Once logs are generated by network sniffing processes or endpoints, where do they go? How are they parsed? How are they stored? That’s what we’ll discuss in this section.

  • Ingest
    • Import
    • Eval
    • Standalone
    • Fleet Standalone
    • Manager (separate search nodes)
    • Manager Search
    • Heavy
    • Search
    • Sensor
  • Logstash
    • Configuration
    • Parsing
    • Forwarding Events to an External Destination
    • Original Event Forwarding
    • Modified Event Forwarding
    • Queue
    • Diagnostic Logging
    • Errors
    • More Information
  • Redis
    • Queue
    • Tuning
    • Diagnostic Logging
    • More Information
  • Elasticsearch
    • Storage
    • Schema
    • Querying
    • Authentication
    • Indexing
    • Configuration
    • Parsing
    • Cluster
    • Elasticsearch Node Roles
    • Templates
    • Community ID
    • field expansion matches too many fields
    • Shards
    • Heap Size
    • Field limit
    • Re-indexing
    • Clearing
    • GeoIP
    • Health
    • Status Pending
    • Index Management
    • Diagnostic Logging
    • More Information
  • ElastAlert 2
    • Sigma Rules
    • Custom Rules
    • Diagnostic Logging
    • Configuration
    • More Information
  • Data Fields
    • ECS
    • Fields
    • Template files
  • Alert Data Fields
  • Elastalert Fields
  • Zeek Fields
  • Community ID
    • More Information
  • SOC Logs
    • SOC Auth Logs

© Copyright 2026.
