This repository provides some example configuration files for combining
Filebeat, Logstash, rsyslog, Redis, and Elasticsearch, so that messages 
can be sent from Filebeat to Elasticsearch. The examples have been
developed for illustrating the discussion in the following paper:

Risto Vaarandi and Sten Mases, "How to Build a SOC on a Budget," 
Proceedings of the 2022 IEEE International Conference on Cyber Security 
and Resilience, pp. 171-177, 2022 

Note that the configuration files have been tested with Elastic Stack 
version 7.16.3 and rsyslog version 8.2202.0. For Elastic Stack 8.x,
rsyslog version 8.2206.0 or higher is needed with slightly modified
settings (see configuration files rsyslog-*.conf for details).


For implementing Filebeat->Redis->rsyslog->Elasticsearch message flow,
have a look into the following configuration files:

filebeat-output.yml
rsyslog-redisbeat2elastic.conf


For implementing Filebeat->Logstash->Elasticsearch message flow,
have a look into the following configuration files:

filebeat-output.yml
logstash-beat2elastic.conf


For implementing Filebeat->Logstash->rsyslog->Elasticsearch message flow,
have a look into the following configuration files:

filebeat-output.yml
logstash-beat2syslog.conf
rsyslog-syslogbeat2elastic.conf