On Thu, Aug 11, 2016 at 2:09 AM, Charlie Wilson <[email protected]> wrote: > Hi I was wondering if anyone has any idea if it is possible for a local > OSSEC install on an ELK server (elasticsearch, logstash, kibana) to just > parse info and analyse the log files being sent to logstash? >
OSSEC can't read from elasticsearch, but if logstash is reading from a file it should be able to read that file as well. > If agents like filebeat or even syslog are sending logs to the server > already, there would be no need to install the agent or setup agentless > methods on the clients. > Is this possible/feasible? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
