Skip to content

Example Filebeat to Logstash Configuration

Jump to bottom Edit New page
Jason Ish edited this page May 11, 2020 · 1 revision

These configuration examples assume that Filebeat is running on the same host as Suricata, and Logstash is running somewhere else. Filebeat forwards the events to Logstash, Logstash adds the events to Elasticsearch.

Logstash Configuration

input {
  beats {
    port => 5044
    codec => "json"
  }
}

output {
  elasticsearch {
    hosts => "http://elasticsearch:9200"
 }
}

Filebeat Configuration

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/suricata/eve.json

output.logstash:
  hosts: ["logstash:5044"]
Add a custom footer
Add a custom sidebar
Clone this wiki locally