Upload files to "8 Tools"
15
8 Tools/winlogbeatwithossysbeat.md
Normal file
@ -0,0 +1,15 @@
|
||||
Host Visibility — Security Onion 2.3 documentation
|
||||
***Modifying the Winlogbeat.yaml to work with the OSSysbeat.ps1 script to set up the shipping of host logs to Security Onion***
|
||||
Right click and edit the winlogbeat.yaml file
|
||||
Scroll down to the “winlogbeat.event_logs:” section
|
||||
The bottom line of this section should read as follows:
|
||||
name: Microsoft-Windows-Sysmon/Operational
|
||||
|
||||
Scroll down to the Elasticsearch section and comment out the host's line
|
||||
|
||||
Scroll down to the Logstash section and uncomment the “output.logstash:” line and the “hosts” line below it
|
||||
Then, change the IP in the square brackets to be the IP address of our security onion sensor
|
||||
|
||||
Ctrl + S to save, close the file
|
||||
|
||||
by cpl adams
|
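Review bot: The step "Scroll down to the Elasticsearch section and comment out the host's line" is ambiguous, because the key in the file is `hosts` and the step does not say whether the `output.elasticsearch:` line above it must also be commented out; Winlogbeat accepts only one enabled output, so spell out both lines. The file is called `winlogbeat.yaml` in the title and first step, while Winlogbeat ships its configuration as `winlogbeat.yml`; use the name the reader will actually find on disk. The expected line `name: Microsoft-Windows-Sysmon/Operational` is shown without the leading `- ` of a list entry under `winlogbeat.event_logs:` and without a code fence, so a reader who copies it can break the YAML indentation. In the Logstash step, only the IP is mentioned: say which port to keep after the address, and show the final `output.logstash:` and `hosts:` lines as text, since several steps are followed by empty lines and nothing in the file shows the expected result.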