Comments (2)
That is a great idea!!! I have never used OpenSearch myself, though.
May I ask, why would you use OpenSearch instead of Elastic? (besides price, of course). Are there any features you may consider useful for the project that we should consider?
from fortinet-2-elasticsearch.
Our reasons were mostly around cost... We needed what we considered basic features, but they are behind a very steep paywall for Elastic with their X-Pack: things like AD authentication, branding, alerting via webhook.
So we looked at OpenSearch and we found it to be good enough for our needs.
For fortinet2elasticsearch I would think that the security analytics feature could be something to look into:
https://opensearch.org/docs/latest/security-analytics/index/
Otherwise data ingestion is pretty straightforward. You can use the latest Logstash (we use 8.5.3, but tested with 8.6.0); just install the output plugin logstash-output-opensearch
https://github.com/opensearch-project/logstash-output-opensearch and the output section of the pipeline would look something like this:
output {
  opensearch {
    hosts    => [ "${OS_HOSTS}" ]
    user     => "${OS_USER}"
    password => "${OS_PASSWORD}"
    cacert   => '/etc/logstash/certificates/ca.crt'
    ssl      => true
    index    => "syslog-%{+YYYY.MM.dd}"
  }
}
That means that all of your ingestion/parsing should remain untouched, and the only things to look at are (possibly) the index templates and definitely the dashboards...
from fortinet-2-elasticsearch.
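A fuller pipeline built around the output block in the comment above, as an added example that is not from the fortinet-2-elasticsearch project or from the commenter. It places the weak form a practitioner should refuse to ship (plain http, a password written into the config file, TLS chain verification switched off) next to the hardened form the comment's snippet implies. The syslog listener port, the OS_HOSTS/OS_USER/OS_PASSWORD variable names, the hostname in the inline comment and the CA file path are assumptions.

```logstash
# Added example, not the project's own pipeline. Assumptions: the FortiGate
# sends syslog to port 5514, OS_HOSTS/OS_USER/OS_PASSWORD are supplied via the
# environment or the Logstash keystore, and the cluster CA is on local disk.
input {
  syslog {
    port => 5514
    type => "fortigate"
  }
}

# WEAK (kept commented out so it cannot run by accident): cleartext http,
# a static password in a file that ends up in backups and repos, and
# ssl_certificate_verification off, so anyone on the path can read or
# redirect both the credentials and the log stream.
# output {
#   opensearch {
#     hosts    => [ "http://opensearch:9200" ]
#     user     => "admin"
#     password => "admin"
#     ssl_certificate_verification => false
#     index    => "syslog-%{+YYYY.MM.dd}"
#   }
# }

# HARDENED: https only, secrets resolved at runtime, and the server
# certificate chain checked against a pinned CA rather than the system store.
output {
  opensearch {
    hosts    => [ "${OS_HOSTS}" ]            # assumed e.g. https://opensearch-1:9200
    user     => "${OS_USER}"
    password => "${OS_PASSWORD}"
    ssl      => true
    ssl_certificate_verification => true     # plugin default, stated explicitly
    cacert   => "/etc/logstash/certificates/ca.crt"
    index    => "syslog-%{+YYYY.MM.dd}"
  }
}
```

The `${VAR}` references are resolved by Logstash from the environment or from the Logstash keystore (`bin/logstash-keystore add OS_PASSWORD`), so the config file never carries the secret. The account behind OS_USER should be a dedicated writer: with the OpenSearch Security plugin it can be given a role that only permits writing to the `syslog-*` index pattern, so a leaked Logstash credential cannot read or delete existing data.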