I have Zeek and Suricata logs collected outside of RockNSM that I need to ingest into RockNSM.
What I’ve done so far:
I configured filebeat.yml to point the files to where the log files are located (two ways)
it’s configured to point to configs/*.logs
one of which a file is created at
** That didn’t work
under filebeat inputs
I pointed it to the same folder where the external logs are located. Still no joy.
Seems like this should be a straightforward process, but for some reason I’m not seeing the logs. Anyone have any experience in configuring this before?