Linux Agent for SIEM Log Collection
in progress
Nate O'Brien marked this post as in progress
Nate O'Brien
Hi all! Apologies for the confusion. It looks like this request was a mix of general log collection on Linux and also collecting syslog through Linux. We are actively testing the syslog collection component and will hopefully be releasing it in the next week or two. In the meantime, I'll change the status to in progress. If applicable, check out our Linux Flat File collection capability, which is available now!
Justin Smith
I am confused... I see this was closed out today, but I don't think (unless I misunderstand the announcement) what we're asking for was addressed. It looks like in this release we're able to get logs from Linux agents now.
What we're asking for is to be able to use a Linux agent as a syslog collector/forwarder.
Am I missing something or just confused? :D
Michael Barker
Justin Smith This is my question as well, and what I was looking to do. Not every client has a Windows server or an always-on system we can use. It's a fantastic use of lower-powered older systems, instead of chucking them out, to put Linux on them and use them as a syslog collector/forwarder for devices that can report to the SIEM.
Nate O'Brien marked this post as complete
Managed SIEM can now collect Linux Flat Files via the Huntress Agent. Please see the documentation here: https://support.huntress.io/hc/en-us/articles/48083557203731-Collecting-Linux-Flat-File-Logs
Michael Barker
Nate O'Brien Does this include being able to perform syslog collection from FortiGates into the SIEM?
Greg McCallum
Nate O'Brien The linked documentation is about using Linux as a SIEM log source. This request is for "Linux Agent for SIEM Log Collection", i.e. using a Linux Huntress Agent as a log collector, rather than a Windows agent as is currently required.
Justin Smith
Another bump on this thread. It's not just a nice-to-have feature; it's fundamental for syslog collection. I agree with a few of the other comments. The need for Linux-based syslog collectors is fundamental, and the capability to do it on an ARM Linux device would be a major bonus.
Matthiew Morin (Huntress)
Merged in a post:
Linux Agent as Syslog Collector (Feature Request)
Ruben Castello
Hello Huntress team,
Currently, Syslog collector functionality is only available on the Windows agent. This forces us to depend on customer-managed Windows systems, which are often unstable, changing, or outside our control.
We need the Linux agent to support Syslog collection and forwarding to the SIEM, equivalent to the Windows implementation. This would allow a consistent, portable, and MSP-controlled deployment model.
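As an added illustration of the collector/forwarder role this thread asks for (the FortiGate question above and the "collect and forward to the SIEM" description in this post), here is a minimal Linux-side syslog relay in Python. It is example code written for this page, not the Huntress agent's code and not a description of how the Windows collector works. It listens for UDP syslog from network devices, decides which host each line should be attributed to (RFC 5424 header, RFC 3164 header, or the sending IP when the device sends neither, as a FortiGate in its default `date=... devname=...` format does), and forwards the raw line unchanged to a SIEM endpoint over TCP with RFC 6587 octet-counting framing. The listen port, the SIEM endpoint name and the sample lines are assumptions or constructed inputs, not values from the thread.

```python
"""Minimal syslog collector/forwarder (added example, not Huntress code)."""
import re
import socket
import socketserver
from dataclasses import dataclass

# <PRI> at the start of every well-formed syslog line; PRI = facility*8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424 header after PRI: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424_RE = re.compile(r"^1 \S+ (\S+) \S+ \S+ \S+ ")
# RFC 3164 header after PRI: "Mmm dd hh:mm:ss HOSTNAME ..."
RFC3164_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    host: str   # hostname from the header, or the sending IP when absent
    raw: str    # original line, forwarded to the SIEM unchanged


def parse_syslog(line: str, peer_ip: str) -> SyslogEvent:
    """Classify one received line and pick the host to attribute it to."""
    m = PRI_RE.match(line)
    if m is None:
        # No PRI header: RFC 3164 tells relays to treat it as user.notice (PRI 13).
        return SyslogEvent(1, 5, peer_ip, line)
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"invalid PRI {pri}")
    facility, severity = divmod(pri, 8)
    body = line[m.end():]
    m5 = RFC5424_RE.match(body)
    if m5:
        host = m5.group(1)
    else:
        m3 = RFC3164_RE.match(body)
        # Devices that send key=value bodies with no timestamp/host (e.g. a FortiGate
        # default format) fall through to the sender's IP address.
        host = m3.group(1) if m3 else peer_ip
    if host == "-":  # RFC 5424 nil value
        host = peer_ip
    return SyslogEvent(facility, severity, host, line)


def frame_octet_counted(line: str) -> bytes:
    """RFC 6587 octet-counting framing: 'MSG-LEN SP MSG' for forwarding over TCP."""
    data = line.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


# Constructed sample input (not captured from any real device).
SAMPLE_LINES = [
    ("10.0.0.5", "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"),
    ("10.0.0.5", "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - msg"),
    ("192.0.2.10", '<189>date=2024-01-15 time=10:20:30 devname="fw1" type="traffic" action="accept"'),
]


def classify_samples() -> list:
    """Return (facility, severity, host) for each constructed sample line."""
    return [(e.facility, e.severity, e.host)
            for e in (parse_syslog(line, ip) for ip, line in SAMPLE_LINES)]


class _UdpHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request  # UDPServer hands us (datagram, socket)
        line = data.decode("utf-8", errors="replace").rstrip("\r\n")
        event = parse_syslog(line, self.client_address[0])
        self.server.forward(event)


class Collector(socketserver.UDPServer):
    """Single-threaded UDP listener that relays every line to one TCP SIEM endpoint."""
    allow_reuse_address = True

    def __init__(self, listen, siem_addr):
        super().__init__(listen, _UdpHandler)
        self.siem_addr = siem_addr
        self._conn = None

    def forward(self, event: SyslogEvent) -> None:
        if self._conn is None:
            self._conn = socket.create_connection(self.siem_addr, timeout=5)
        try:
            self._conn.sendall(frame_octet_counted(event.raw))
        except OSError:
            self._conn.close()
            self._conn = None
            raise


if __name__ == "__main__":
    # Binding 514/udp needs root or CAP_NET_BIND_SERVICE; the SIEM endpoint is hypothetical.
    Collector(("0.0.0.0", 514), ("siem.example.invalid", 6514)).serve_forever()
```

Two practical points for anyone standing this up on a Pi or an old box: the relay keeps the original line intact so the SIEM's own parsers still see the device format, and attributing host-less lines to the sender's IP is what lets you tell two FortiGates apart in the SIEM when neither puts a hostname in the header. A production relay would add TLS to the SIEM (RFC 5425) and local spooling when the SIEM is unreachable; this sketch drops the connection and raises instead.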
Matthiew Morin (Huntress)
Merged in a post:
Linux Log collector
Tim Bixley
Would be great to not require a Windows device to be a log collector for clients that have no on-prem servers anymore but would still like network device logs etc. collected.
Even via a Raspberry Pi or similar so less investment than a NUC.
Dax Lassiter
Windows nodes are becoming a pain to manage. We'd much prefer to have a Linux agent act as the SIEM Collector going forward. This would be a huge feature for us.
Michael Barker
Yeah, this would be huge. A lot of clients are operating decentralized and not requiring a server in their office, so a system needs to be deployed. Linux is lightweight, can be secured, and isn't turned obsolete because of a feature a certain company wants to put in that no one asked for, making your hardware obsolete.
Being able to deploy a pi or basic linux system as a log collector would go a long way to making this easier to deploy and standardize.
Matthiew Morin (Huntress) marked this post as future planned