Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 1 - Configure Stormshield to output to syslog
Configure your Stormshield syslog server to output logs in legacy format over tcp port 6515.
See Stormshield Syslog Tab for more information on logging.
Step 3 - Configure Filebeat.yml
The configuration file below is pre-configured to send data to your Logit.io Stack.
Copy the configuration file below and overwrite the contents of the Filebeat configuration file typically located at
# ============================== Filebeat inputs =============================== filebeat.inputs: - type: tcp max_message_size: 10MiB host: "0.0.0.0:6515" enabled: true fields: type: fields_under_root: true encoding: utf-8 ignore_older: 12h # ================================== Outputs =================================== output.logstash: hosts: ["your-logstash-host:your-ssl-port"] loadbalance: true ssl.enabled: true
If you’re running Filebeat 7, add this code block to the end. Otherwise, you can leave it out.
# ... For Filebeat 7 only ... filebeat.registry.path: /var/lib/filebeat
If you’re running Filebeat 6, add this code block to the end.
# ... For Filebeat 6 only ... registry_file: /var/lib/filebeat/registry
It’s a good idea to run the configuration file through a YAML validator to rule out indentation errors, clean up extra characters, and check if your YAML file is valid. Yamllint.com is a great choice.
Step 4 - Start filebeat
Start or restart to apply the configuration changes.
Step 8 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 6 - Storm Sheild Logging Overview
Stormshield is a network security company that provides a range of products and services to protect networks from threats such as viruses, malware, and ransomware. Logging in Stormshield refers to the process of collecting and analyzing log data generated by Stormshield devices to monitor and troubleshoot network security issues.
Stormshield devices generate various types of log data, including system logs, security logs, and application logs. These logs contain information about events such as network traffic, user activity, and security threats.
Stormshield devices provide a range of logging options, including:
Syslog: This is a standard protocol for forwarding log messages across IP networks. Stormshield devices can be configured to send syslog messages to a syslog server, which can be used to collect and analyze log data from multiple devices.
SNMP Traps: SNMP (Simple Network Management Protocol) is a protocol used to manage and monitor network devices. Stormshield devices can be configured to send SNMP traps to a central management system, which can be used to monitor the health and performance of the devices.
Real-time Monitoring: Stormshield devices provide a real-time monitoring interface that enables administrators to view log data in real-time. This can be useful for quickly identifying and responding to security threats or network issues.
Analytics and Reporting: Stormshield devices also provide analytics and reporting capabilities, which enable administrators to analyze log data to identify trends and patterns. This can be useful for identifying areas of the network that may be vulnerable to security threats or for identifying potential performance issues.
Overall, logging in Stormshield devices provides visibility into network activity and security threats, which can help administrators monitor and troubleshoot network issues. Stormshield devices provide a range of logging options, including real-time monitoring, syslog, SNMP traps, and analytics and reporting, which enable administrators to collect and analyze log data to identify and respond to security threats and network issues.