OpenVAS
Ship OpenVAS reports to logstash
Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 1 - Create OpenVAS Report
OpenVAS reports are typically generated manually.
After completing a scan in OpenVAS, perform the following steps to generate a CSV report.
Click the Scans tab, then select Reports.
Select a report from the list of results.
This will open the report summary.
Select CSV Results from the drop-down menu and click the download option.
Step 3 - Configure Filebeat
Copy and use the Filebeat configuration below.
Update the file path placeholder with the file path of the folder where you’ll be keeping your OpenVAS reports.
# ============================== Filebeat inputs ==============================
filebeat.inputs:
- type: log
paths:
- <INSERT_PATH_TO_OPENVAS_REPORT>*.csv
fields:
type: openvas
fields_under_root: true
encoding: utf-8
ignore_older: 3h
multiline:
pattern: '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}'
negate: true
match: after
filebeat.registry.path: /var/lib/filebeat
# ================================== Outputs ===================================
<div class="sw-warning">
<div>
<img src="/images/source-wizard/warning-triangle.svg">
</div>
<div>
<b>No input available! </b> Your stack is missing the required input for this data source <a href="#" onclick="Intercom('showNewMessage')" class="btn btn-info btn-sm">Talk to support to add the input</a>
</div>
</div>
Step 4 - Start filebeat
Start or restart to apply the configuration changes.
Step 5 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 6 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.