Feeding Snort IDS Alerts to Elastic Kibana

$30-250 USD

已关闭

已发布

超过 3 年前

$30-250 USD

货到付款

I have installed Logstash, filebeat version 7.9.2, elasticsearch 7.10.0, Elastic Kibana 7.10.0 and Snort 3 everything is up and running I just need to feed my alerts into Elastic Kibana. Snort is monitoring 3 interfaces. So I want to get the alerts in the discovery. Right now Snort is feeding my Elastic by Logstash but the grok is not properly indexing. please see the attached picture. you should use zoom for remote access to my computer for configuring my host. So I need to to send structured Snort IDS alert logs into ELK.

Elasticsearch

项目 ID: 28240830

关于此项目

2提案

远程项目

活跃3 年前

想赚点钱吗？

电子邮箱地址

在Freelancer上竞价的好处

设定您的预算和时间范围

为您的工作获得报酬

简要概述您的提案

免费注册和竞标工作

2威客以平均价$195 USD来参与此工作竞价

@Kuvvat

hi how are you, you are monitoring gpon traffic i guess, i can parse your logs as you want with logstash and send it to elasticsearch, then you can create kibana tables as you want. need to sample logs to parse them firstly then after making ready logstash filter we can work on zoom to configure server itself. thanks good luck

$240 USD 在7天之内

5.0

(5条评论)

3.5

@vivekgplus

the grok is not working because you have not set up multiline pattern correctly. It is treating each line as a new log, this is why you are getting grok parse failure. I can help you fix the errors. I have more than 3 years of experience with Elasticsearch and Logstash data parsing. I can help you in all possible ways.

$150 USD 在3天之内