Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentes Révision précédente Prochaine révision | Révision précédente Prochaine révision Les deux révisions suivantes | ||
tuto:monitoring:graylog_to_crowdsec [05/03/2021 18:35] dani |
tuto:monitoring:graylog_to_crowdsec [05/03/2021 18:39] dani [g2cs] |
||
---|---|---|---|
Ligne 12: | Ligne 12: | ||
===== Send logs from Graylog to ? ===== | ===== Send logs from Graylog to ? ===== | ||
- | As I already have all my logs in Graylog, it'd be better to send this stream of logs to a single crowdsec installation. But, for now, crowdsec doesn' | + | As I already have all my logs in Graylog, it'd be better to send this stream of logs to a single crowdsec installation. But, for now, crowdsec doesn' |
+ | Here's the global flow | ||
+ | |||
+ | {{ : | ||
===== g2cs ===== | ===== g2cs ===== | ||
Ligne 36: | Ligne 39: | ||
<note tip>You can choose a directory on a tmpfs filesystem to improve performance, | <note tip>You can choose a directory on a tmpfs filesystem to improve performance, | ||
+ | < | ||
===== Configure crowdsec ===== | ===== Configure crowdsec ===== | ||
Now that we have our g2cs daemon running, you can configure crowdsec acquisition to read these files. Something like | Now that we have our g2cs daemon running, you can configure crowdsec acquisition to read these files. Something like |