1

I have installed Snort IDS and syslog-ng on my VM, and I want to use syslog-ng to forward my logs to another VM, which is SecurityOnion. So I want to know: can syslog-ng forward logs to ELSA, which is in SecurityOnion?

Any help would be great. Thank you.

technoob

1 Answer

1

Sure, ELSA itself is based on syslog-ng. Check the documentation of ELSA (or the syslog-ng config file on your ELSA VM) to see which sources it uses to receive messages, and configure a matching destination on your SNORT host.

HTH

Regards,

Robert Fekete

Robert Fekete
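
A syslog-ng fragment for the Snort host that follows the approach in the answer above, added here as an example and not part of the original answer. The alert file path, the address 192.0.2.10 and TCP port 514 are assumptions; replace them with whatever source the syslog-ng config on the ELSA VM actually defines.

```conf
# Added example: fragment for the existing syslog-ng.conf on the Snort host.
# Assumed values (not from the original post):
#   - Snort writes one-line alerts to /var/log/snort/alert
#   - the syslog-ng instance behind ELSA listens on TCP 514 at 192.0.2.10
#     (documentation placeholder address)

# Tail the Snort alert file. The lines are not syslog-formatted, so
# skip parsing and tag them with a fixed program name that the
# receiving side can match on.
source s_snort {
    file("/var/log/snort/alert"
         follow-freq(1)
         flags(no-parse)
         program-override("snort"));
};

# Destination that must match the source defined on the ELSA VM:
# same transport and same port. On syslog-ng versions without the
# network() driver, tcp("192.0.2.10" port(514)) is the equivalent.
destination d_elsa {
    network("192.0.2.10"
            port(514)
            transport("tcp"));
};

# Forward only the Snort alerts to ELSA.
log {
    source(s_snort);
    destination(d_elsa);
};
```

Run `syslog-ng --syntax-only` after editing to validate the configuration before reloading the service.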