Log Exporter - Duplicated Logs [Logstash/Grafana]
Hello, I've set up a log exporter sending logs over TCP to my logstash instance. The problem is I have all the log chain (since it's semi-unified mode) and since I'm using Grafana (doesn't have SIEM-like intelligence) I can't find a way to correlate the log chain (like 3 or more logs) to one single log. Is it possible to aggregate these logs or make Checkpoint send the final log (with all the data updated) to my destination server?
Logs are sent every 10 minutes while the connection is open and one when the connection is closed.
I don’t believe you can change the behavior here, though could be wrong.
I don't want to change that behaviour, it's fine for me. What I want to do is receive the unified log so I don't have "duplicates" in my ES server. Thank you
I also noticed that there is no field for the event start and finish, so I can't quite determine when to stop or correlate the flow of logs. It would be good to have a solution not oriented to SIEM and more to other open source tools that don't have the SIEM intelligence to correlate the log flow.
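The two problems raised in this thread, a chain of semi-unified updates per connection and no explicit start/finish marker to tell when the chain is complete, can be handled on the receiving side before the data reaches Elasticsearch or Grafana. The following is an added example, not code from the thread or from Check Point; it assumes (the thread does not say) that every update for one connection carries the same correlation key, here named `loguid`, that each record has an epoch `time` field, and that updates stop arriving once the connection is closed. It keeps only the latest update per key and treats a key as final once it has been idle longer than the exporter's update interval, so the consumer stores one record per connection instead of three or more "duplicates". The sample records are constructed.

```python
"""Collapse Check Point semi-unified log updates into one record per connection.

Added example, not from the CheckMates thread. Assumed (not stated in the
thread): all updates for one connection share the same key field "loguid",
each record has an epoch "time" field, and updates arrive roughly every
10 minutes while the connection is open plus one final update on close.
"""
from typing import Dict, Iterable, List

# Constructed sample: two connections, "a1" reported three times, "b2" once.
SAMPLE_UPDATES: List[dict] = [
    {"loguid": "a1", "time": 1000, "src": "10.0.0.5", "dst": "10.0.1.9", "bytes": 1200},
    {"loguid": "b2", "time": 1010, "src": "10.0.0.7", "dst": "10.0.1.3", "bytes": 300},
    {"loguid": "a1", "time": 1600, "src": "10.0.0.5", "dst": "10.0.1.9", "bytes": 5400},
    {"loguid": "a1", "time": 2200, "src": "10.0.0.5", "dst": "10.0.1.9", "bytes": 9100,
     "duration": 1200},
]


class UpdateAggregator:
    """Keep the newest update per key; emit a record once the key has gone idle.

    Idle-based flushing stands in for the missing start/finish field: if no
    update arrives within `idle_seconds` of the last one, the last update is
    treated as the final state of that connection.
    """

    def __init__(self, key: str = "loguid", idle_seconds: int = 900) -> None:
        self.key = key
        self.idle_seconds = idle_seconds
        self._latest: Dict[str, dict] = {}   # key -> merged latest record
        self._updates: Dict[str, int] = {}   # key -> number of updates seen

    def ingest(self, record: dict) -> None:
        k = record[self.key]
        prev = self._latest.get(k)
        # Drop out-of-order updates older than the state already held.
        if prev is not None and record["time"] < prev["time"]:
            return
        merged = dict(prev or {})
        merged.update(record)  # fields from the newer update overwrite older ones
        self._latest[k] = merged
        self._updates[k] = self._updates.get(k, 0) + 1

    def flush(self, now: int) -> List[dict]:
        """Return and forget every record idle for at least `idle_seconds`."""
        done = [k for k, r in self._latest.items() if now - r["time"] >= self.idle_seconds]
        out = []
        for k in sorted(done):
            rec = self._latest.pop(k)
            rec["update_count"] = self._updates.pop(k)
            out.append(rec)
        return out

    def pending(self) -> int:
        """Number of connections still waiting for more updates."""
        return len(self._latest)


def collapse(updates: Iterable[dict], now: int, key: str = "loguid",
             idle_seconds: int = 900) -> List[dict]:
    """Feed a batch of updates in time order and return the finished records."""
    agg = UpdateAggregator(key, idle_seconds)
    for r in sorted(updates, key=lambda r: r["time"]):
        agg.ingest(r)
    return agg.flush(now)


if __name__ == "__main__":
    for rec in collapse(SAMPLE_UPDATES, now=3200):
        print(rec)
```

If a stateful aggregator is not wanted, the same key can be used directly in the Logstash `elasticsearch` output as the `document_id`, so each later update for a connection overwrites the earlier document and Elasticsearch holds one record per connection; the trade-off is that Grafana then sees intermediate states until the final update lands, whereas the idle-window approach above delays each record until the chain is judged complete.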