
How To install Filebeat on FreeBSD #21066

Closed
Datorresp opened this issue Sep 12, 2020 · 5 comments

Comments

@Datorresp

Hey everyone,

Guys, I need to integrate Suricata into my ELK dashboards, but Suricata is on a pfSense firewall on FreeBSD. I have been looking for how to install Filebeat to be able to integrate with ELK, but nothing works. I found information from 2016, and all the packages and ports don't work now. Also, on Elastic's web page, in the Filebeat installation section, there isn't a download option for FreeBSD.

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Sep 12, 2020
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Sep 14, 2020
@tarkhil

tarkhil commented Jan 7, 2021

I have installed Filebeat from the sysutils/beats7 port and have some troubles.

There is no Suricata module in the setup; I've extracted it from the Darwin archive and ...

... well, chown everything to root (chown -R root /usr/local/share/beats/filebeat/module/suricata/ /usr/local/etc/beats/filebeat.modules.d/suricata.yml) and it's running.

I have to make some visualization, set up ILM, but that's all ... sorry, not all.

2021-01-07T20:54:32.495+0300    ERROR   instance/metrics.go:98  Error while getting memory usage: error retrieving process stats: cannot find matching process for pid=27000
2021-01-07T20:54:32.496+0300    ERROR   instance/metrics.go:142 Error retrieving CPU percentages: error retrieving process stats: cannot find matching process for pid=27000
2021-01-07T20:54:32.496+0300    ERROR   instance/metrics_file_descriptors.go:39 Error while retrieving FD information: error retrieving process stats: cannot find matching process for pid=27000
2021-01-07T20:54:32.496+0300    INFO    [monitoring]    log/log.go:145  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"info":{"ephemeral_id":"a4464c66-d73f-4b83-90f7-5660668b113b","uptime":{"ms":150051}},"memstats":{"gc_next":124920352,"memory_alloc":81098976,"memory_total":518873712},"runtime":{"goroutines":31}},"filebeat":{"events":{"added":2098,"done":2098},"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":1}},"output":{"events":{"acked":2098,"batches":42,"total":2098},"read":{"bytes":28066},"write":{"bytes":4207826}},"pipeline":{"clients":1,"events":{"active":4117,"published":2098,"total":2098},"queue":{"acked":2098}}},"registrar":{"states":{"current":1,"update":2098},"writes":{"success":42,"total":42}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}

I'll think about it, most likely tomorrow.
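The chown step above works because Beats refuse to load a configuration or module file that is not owned by the user running the Beat, or that is writable by group or others. The script below is an added example (not code from the thread, from Elastic or from the FreeBSD port) that runs the same ownership and permission check ahead of time over a module directory or config file, so a misconfigured module is reported before Filebeat is started. The paths it creates are constructed under a temporary directory for the demo; the real locations from the ports install are /usr/local/share/beats/filebeat/module/suricata/ and /usr/local/etc/beats/filebeat.modules.d/suricata.yml.

```shell
#!/bin/sh
# Added example: pre-flight ownership/permission check for Beats config and
# module files. Beats require each loaded file to be owned by the user
# running the Beat and to be writable by the owner only.

# check_beats_perms PATH OWNER
# Lists every regular file under PATH that is not owned by OWNER, or that is
# group-writable (020) or world-writable (002). Returns 0 when all files
# pass and 1 when at least one offender was printed.
check_beats_perms() {
    offenders=$(find "$1" -type f \( ! -user "$2" -o -perm -020 -o -perm -002 \))
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders" | sed 's/^/bad ownership or permissions: /'
    return 1
}

# Constructed demo tree standing in for the Filebeat module and modules.d
# layout; the manifest contents are placeholders, not the real module.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/module/suricata"
printf 'module_version: 1.0\n' > "$demo_dir/module/suricata/manifest.yml"
chmod 644 "$demo_dir/module/suricata/manifest.yml"
printf -- '- module: suricata\n' > "$demo_dir/suricata.yml"
chmod 664 "$demo_dir/suricata.yml"   # group-writable: Filebeat would reject this file

# Running as the current user; on the ports install the Beat runs as root,
# so OWNER would be "root" there.
check_beats_perms "$demo_dir" "$(id -un)" ||
    echo "fix with: chown -R $(id -un) $demo_dir && chmod -R go-w $demo_dir"
```

The check mirrors what Filebeat enforces at startup, so a clean run of the function on both the module directory and the modules.d file means the Beat will not refuse them on permission grounds; it says nothing about whether the module's pipeline files are otherwise complete.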

@imightbelosthere

Did this "die"? I mean, on the ELK stack we have the Suricata integration, but there's no support at all on how to integrate and grab the logs from a platform that has Suricata in it?

Think I'll just ship all the logs to Azure Log Analytics then...

@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@ph
Contributor

ph commented May 10, 2021

Closing in favor of #1034.

@ph ph closed this as completed May 10, 2021