Logstash

Description

Logstash is a log collector used to transform, store or pass the logs it receives.

Configuration

The configuration is splitted into 3 different pipelines to accept logs from Filebeat, Auditbeat and Winlogbeat. No additional configuration is required from the user.

How to enable

It is mandatory in a simulation and it is enabled by default.

Usage

There is no specific usage associated to this log collector. In fact it is used mainly to send its logs it gathered to a SIEM. However, this is currently the log collector used for the dataset generation.