IrekRomaniuk/shakl

Introduction

Syslog to Log Analytics (Sentinel). This is an alternative to the built-in Sentinel connectors, built on Kubernetes and Logstash.

Getting Started

See my blog post, the Logstash chart documentation and the Azure Log Analytics output plugin for Logstash. Below is an example with Palo Alto Networks (see values.PanTraffic.yaml and values.PanThreat.yaml in shakl/charts/logstash/).
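The Palo Alto case is where most of the pipeline work happens: Logstash has to split the comma-separated PAN-OS syslog payload into named fields before the output plugin ships them to a custom table. The Python below is an added example (not code from shakl or from its charts) of that same field extraction, useful for checking a captured firewall line against the mapping in values.PanTraffic.yaml / values.PanThreat.yaml. The column positions are an assumption based on the PAN-OS 8.x/9.x traffic and threat syslog field order; verify them against the syslog field reference for your PAN-OS version. The sample lines are constructed, not captured from a real device.

```python
"""Parse PAN-OS TRAFFIC and THREAT syslog lines into flat field dicts, the
shape a Logstash pipeline hands to the Azure Log Analytics output plugin.

Added example, not code from shakl or its charts. Column positions follow
the PAN-OS 8.x/9.x syslog field order as assumed here; verify them against
the syslog field reference for your PAN-OS version. The sample lines at the
bottom are constructed, not captured from a real firewall.
"""
import csv
import json
import re

# RFC 3164 style header that PAN-OS prepends: <PRI>Mon dd hh:mm:ss host payload
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# 0-based column -> field name (assumed layout). Unlisted columns are FUTURE_USE
# or not needed for Sentinel.
COMMON = {
    1: "receive_time", 2: "serial", 3: "type", 4: "subtype", 6: "generated_time",
    7: "src_ip", 8: "dst_ip", 9: "nat_src_ip", 10: "nat_dst_ip", 11: "rule",
    12: "src_user", 13: "dst_user", 14: "app", 15: "vsys", 16: "from_zone",
    17: "to_zone", 18: "in_if", 19: "out_if", 20: "log_action", 22: "session_id",
    23: "repeat_count", 24: "src_port", 25: "dst_port", 26: "nat_src_port",
    27: "nat_dst_port", 28: "flags", 29: "proto", 30: "action",
}
TRAFFIC = {31: "bytes", 32: "bytes_sent", 33: "bytes_received", 34: "packets",
           35: "start_time", 36: "elapsed", 37: "category", 39: "seq_no",
           41: "src_location", 42: "dst_location", 46: "session_end_reason"}
THREAT = {31: "misc", 32: "threat_id", 33: "category", 34: "severity",
          35: "direction", 36: "seq_no", 38: "src_location", 39: "dst_location"}
INT_FIELDS = ("session_id", "repeat_count", "src_port", "dst_port", "nat_src_port",
              "nat_dst_port", "bytes", "bytes_sent", "bytes_received", "packets",
              "elapsed", "seq_no")


def parse_pan_line(line):
    """Return a flat dict for a TRAFFIC or THREAT line, or None for anything
    else (other log types, no syslog header, truncated payload)."""
    m = SYSLOG_HEADER.match(line.rstrip("\r\n"))
    if not m:
        return None
    # PAN-OS quotes fields that contain commas (URLs, file names), so use a
    # real CSV parser rather than str.split(",").
    cols = next(csv.reader([m.group("msg")]))
    if len(cols) < 31:          # need at least the common block up to "action"
        return None
    layout = {"TRAFFIC": TRAFFIC, "THREAT": THREAT}.get(cols[3])
    if layout is None:
        return None
    rec = {"host": m.group("host"), "syslog_ts": m.group("ts")}
    for idx, name in list(COMMON.items()) + list(layout.items()):
        if idx < len(cols):
            rec[name] = cols[idx]
    for name in INT_FIELDS:
        if name in rec:
            try:
                rec[name] = int(rec[name])
            except ValueError:
                pass        # keep the raw string rather than drop the event
    return rec


def parse_batch(lines):
    """Parse many lines, skipping the ones that are not TRAFFIC/THREAT."""
    return [r for r in (parse_pan_line(l) for l in lines) if r is not None]


# Constructed sample lines (not captured from a real device).
SAMPLE_TRAFFIC = ("<14>Jan 12 10:22:01 PA-VM 1,2023/01/12 10:22:01,001234567890,TRAFFIC,end,2049,"
                  "2023/01/12 10:22:01,10.1.1.5,8.8.8.8,203.0.113.9,8.8.8.8,allow-dns,,,dns,vsys1,"
                  "trust,untrust,ethernet1/2,ethernet1/1,default,2023/01/12 10:22:01,123456,1,"
                  "53100,53,11300,53,0x400019,udp,allow,230,92,138,2,2023/01/12 10:21:55,0,any,0,"
                  "987654321,0x0,10.0.0.0-10.255.255.255,United States,0,1,1,aged-out")
SAMPLE_THREAT = ("<14>Jan 12 10:25:40 PA-VM 1,2023/01/12 10:25:40,001234567890,THREAT,url,2049,"
                 "2023/01/12 10:25:40,10.1.1.7,198.51.100.20,203.0.113.9,198.51.100.20,allow-web,"
                 "corp\\alice,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,default,"
                 "2023/01/12 10:25:40,123457,1,51022,80,11301,80,0x400000,tcp,block-url,"
                 "\"example.test/a,b?x=1\",(9999),malware,high,client-to-server,987654322,0x0,"
                 "10.0.0.0-10.255.255.255,United States")
SAMPLE_SYSTEM = ("<14>Jan 12 10:26:00 PA-VM 1,2023/01/12 10:26:00,001234567890,SYSTEM,general,0"
                 + ",0" * 30)

if __name__ == "__main__":
    for rec in parse_batch([SAMPLE_TRAFFIC, SAMPLE_THREAT, SAMPLE_SYSTEM, "not syslog"]):
        print(json.dumps(rec, sort_keys=True))
```

The quoted URL in the THREAT sample is the case that breaks naive comma splitting; the Logstash csv filter handles it the same way the csv module does here, which is why the threat chart cannot simply use a split on ",".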

Diagram

Build and Test notes

azure-pipelines.yml builds the image and pushes it to the registry (repository: name.azurecr.io/shakl); see values.yaml. To test, deploy the loggen release with Helm (the commands below use Helm 2's --purge and --name flags), generate syslog traffic with loggen over UDP and TCP, then confirm that events arrive in the Loggen_CL custom table with the KQL query.

helm del --purge loggen
helm install -f charts/logstash/values.Loggen.yaml charts/logstash/ --name loggen --set replicaCount=2

UDP: loggen --inet --dgram --size 300 --rate 1000 --interval 10 10.161.132.35 6666
TCP: loggen --size 300 --rate 1000 --interval 10 10.161.132.38 6667

workspace('defaultaworkspace').Loggen_CL | where TimeGenerated > now() - 10m | count
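When Loggen_CL stays empty, it helps to confirm the workspace ID and shared key independently of Logstash. The Azure Log Analytics output plugin authenticates to the HTTP Data Collector API with a SharedKey signature; the Python below is an added example (not the plugin's code and not part of shakl) that builds the same signed request, so a single record can be posted with curl to check the credentials before debugging the chart. The workspace ID, key and table name are constructed placeholders. Because the shared key grants write access to the whole workspace, keep it in a Kubernetes Secret rather than in a committed values file.

```python
"""Build a signed POST for the Azure Log Analytics HTTP Data Collector API,
the endpoint the Logstash Azure Log Analytics output plugin writes to.

Added example, not the plugin's code and not part of shakl. The signing
scheme is the documented SharedKey one: HMAC-SHA256 over the canonical
request string, keyed with the base64-decoded workspace shared key. The
workspace ID, shared key and table name below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from email.utils import format_datetime

API_VERSION = "2016-04-01"
LOG_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,100}$")  # Log-Type header constraint


def valid_log_type(name):
    """Log-Type may only contain letters, digits and underscores (max 100);
    Log Analytics appends _CL to it, e.g. Loggen -> Loggen_CL."""
    return bool(LOG_TYPE_RE.match(name or ""))


def build_signature(shared_key_b64, content_length, rfc1123_date,
                    method="POST", content_type="application/json",
                    resource="/api/logs"):
    """Return the base64 HMAC-SHA256 over the canonical string
    METHOD, LENGTH, CONTENT-TYPE, x-ms-date:DATE, RESOURCE joined by newlines."""
    string_to_sign = "\n".join([
        method, str(content_length), content_type,
        "x-ms-date:" + rfc1123_date, resource,
    ])
    key = base64.b64decode(shared_key_b64)  # the workspace key is stored base64-encoded
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def build_request(workspace_id, shared_key_b64, log_type, records,
                  time_generated_field=None, now=None):
    """Return (url, headers, body) for posting `records` (a list of flat
    dicts) into the custom table <log_type>_CL. Nothing is sent here."""
    if not valid_log_type(log_type):
        raise ValueError("invalid Log-Type: %r" % (log_type,))
    if not isinstance(records, list) or not all(isinstance(r, dict) for r in records):
        raise ValueError("records must be a list of flat JSON objects")
    body = json.dumps(records, separators=(",", ":")).encode("utf-8")
    # The signed date must be byte-identical to the x-ms-date header (RFC 1123, GMT).
    rfc1123_date = format_datetime(now or datetime.now(timezone.utc), usegmt=True)
    signature = build_signature(shared_key_b64, len(body), rfc1123_date)
    headers = {
        "Content-Type": "application/json",
        "Authorization": "SharedKey %s:%s" % (workspace_id, signature),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }
    if time_generated_field:
        headers["time-generated-field"] = time_generated_field
    url = "https://%s.ods.opinsights.azure.com/api/logs?api-version=%s" % (
        workspace_id, API_VERSION)
    return url, headers, body


# Constructed placeholders: a fake workspace ID and a fixed 64-byte key.
DEMO_WORKSPACE_ID = "00000000-0000-4000-8000-000000000000"
DEMO_SHARED_KEY = base64.b64encode(b"\x01" * 64).decode("ascii")
DEMO_RECORD = {"host": "PA-VM", "type": "TRAFFIC", "src_ip": "10.1.1.5",
               "dst_ip": "8.8.8.8", "dst_port": 53, "action": "allow",
               "generated_time": "2023-01-12T10:22:01Z"}


def demo_request(now=None):
    """Signed request for one constructed record into Loggen_CL."""
    return build_request(DEMO_WORKSPACE_ID, DEMO_SHARED_KEY, "Loggen", [DEMO_RECORD],
                         time_generated_field="generated_time", now=now)


if __name__ == "__main__":
    url, headers, body = demo_request()
    # Equivalent curl, for checking a real workspace/key pair by hand.
    print("curl -sS -X POST '%s' \\" % url)
    for k, v in headers.items():
        print("  -H '%s: %s' \\" % (k, v))
    print("  --data-binary '%s'" % body.decode("utf-8"))
```

A 200 response from the endpoint with real credentials proves the key and workspace are right; if the KQL count above still stays at zero afterwards, the problem is between loggen and the plugin, not in Azure.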

Contribute

TODO: Explain how other users and developers can contribute to make your code better.
