I have zeek installed in centos 9 stream , i want to send the logs generated to a specified port via tcp or udp as i need this to send logs to a collector configured in a SIEM , is there a zeek script or plugin that enables this ? I only want to use zeek without a 3rd party for forwarding.
I have zeek installed in centos 9 stream , i want to send the logs generated to a specified port via tcp or udp as i need this to send logs to a collector configured in a SIEM , is there a zeek script or plugin that enables this ? I only want to use zeek without a 3rd party for forwarding.
Share Improve this question asked Mar 3 at 16:18 ameliaamelia 391 silver badge4 bronze badges1 Answer
Reset to default 0It depends on the ingestion format your SIEM expects. You can use Zeek's built-in file logging with something like Filebeat, or add one of the Zeek packages that add additional export formats for Kafka, NATS, ZeroMQ, etc. This might get you started.
I suggest you swing by Zeek's Discourse or Slack, you're likely to get better support there. See here for links.