cybersecurity

3238 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Windows Syslog Receiver (infosec.pub)

submitted 10 months ago by stevedidwhat_infosec@infosec.pub to c/cybersecurity@infosec.pub

12 comments fedilink hide all child comments

Hey all, got a quick question!

I want to receive, parse and store syslogs from various devices on my home network on my windows box. I know, I know, its a bit backwards but I'd like to proceed with this sort of setup if possible (not against discussion, of course).

I've looked and looked for options but it seems like everything has been bare bones and basically just receives, or is locked behind premium. Surely there's some sort of solution out there, no? I'd be willing to implement something in Python if I need to but I'm considerably more hesitant when compared to using an open source soln.

Thanks for your time, looking forward to discussing/learning more!

you are viewing a single comment's thread
view the rest of the comments

[–] faebudo@infosec.pub 3 points 10 months ago (1 children)

I would recommemd setting up greylog. It's pipelines are really mighty and not that hard to learn. You can run it in a VM.

If you really want to you can run filebeat on windows with a file output, so it will write everything in json format to a file. However you will still have to parse ot, make it searchable etc.

[–] stevedidwhat_infosec@infosec.pub 1 points 10 months ago (1 children)

Yeah I’m familiar with filebeats and the ELK stack, set one of those up a long while ago to ingest Twitter from api before all that blew out a left kneecap haha.

I’ll check it out as well!

[–] alex_02@infosec.pub 2 points 10 months ago* (last edited 10 months ago) (1 children)

For the elk stack you can replace Logstash and Filebeat with Fluentbit and feed it directly to Elastic Search than use Kibana. I've found Logstash to be the resource hog and Fluentbit just runs a lot better imo.

Some docs:

https://docs.fluentbit.io/manual/pipeline/inputs/syslog

https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch

EDIT: All three of them can also be run in a docker or several depending on your needs and how you configure.

[–] stevedidwhat_infosec@infosec.pub 2 points 10 months ago

Sweeet, thank you!