Set Logshipper (Filebeat) Settings

  1. Next, if you have chosen to install Filebeat along with Suricata, clicking next will take you to the Logshipper settings page, in this page, first thing you will need to do is to select a Configuration Profile for the logshipper.

../_images/select_filebeat_configuration_profile.png

Note

Configuration Profiles are pre-tested collections of a Service (eg: Suricata, Filebeat…etc) settings that configures it to operate in a certain way, you can read about the currently available configuration profiles in IDSTower here.

  1. Based on the Configuration Profile you have selected, you will need to set different settings, including the list of hosts that Filebeat will send the Alerts/Events that Suricata has produced to, incase you have chosen to configure Filebeat to send the events/alerts to an ElasticSearch Cluster, list your ElasticSearch hosts as shown below:

../_images/set_elasticserach_hosts.png

  1. Click Next to move to the settings review page, make sure everything checks out, then Click on “Deploy”, IDSTower will start deploying the required services and configure them on the Target Hosts, this could take a while depending on Number of Hosts, their specifications and the Internet Speed.

../_images/new_cluster_deploying.png

  1. Finally, once the installation and configuration is done, the new Cluster will be added to IDSTower.

../_images/new_cluster_deployed_successfully.png
  1. Next, we will start the IDS service.