amelia
Reputation: 39
How to send zeek logs to a port via tcp or udp?
I have zeek installed in centos 9 stream , i want to send the logs generated to a specified port via tcp or udp as i need this to send logs to a collector configured in a SIEM , is there a zeek script or plugin that enables this ? I only want to use zeek without a 3rd party for forwarding.
Upvotes: 0
Views: 26
Answers (1)
Christian
Reputation: 1549
It depends on the ingestion format your SIEM expects. You can use Zeek's built-in file logging with something like Filebeat, or add one of the Zeek packages that add additional export formats for Kafka, NATS, ZeroMQ, etc. This might get you started.
I suggest you swing by Zeek's Discourse or Slack, you're likely to get better support there. See here for links.
Upvotes: 0
Related Questions
- How to see all the logs
- What is the largest TCP/IP network port number allowable for IPv4?
- Iperf3 uses TCP and UDP to work. I can only use UDP. How to tunnel the TCP connection alongside UDP so it works without setting a real TCP connection?
- Convert UDP to TCP - Ngrok TCP => UDP
- C# How to send string via UDP without Port Forwarding?