Skip to content
  • There are no suggestions because the search field is empty.

Configure Logstash Event Sources in NetWitness

Configure Logstash Event Sources in NetWitness

Configure Logstash Event Sources in NetWitness

You can configure the Logstash collection protocol.

IMPORTANT:
- Do not change logstash.yml file as it breaks the functionality.
- Do not change sincedb_path input configuration. If you change the sincedb_path, the back up and restore functionality breaks.
- Do not modify any pipeline configuration yml files.

To configure a Logstash Event Source:

  1. Go to AdminIcon.png (Admin) > Services from the NetWitness menu.
  2. Select a Log Collection service.
  3. Under Actions, select ic-actns.png > View > Config to display the Log Collection configuration parameter tabs.

  4. Click the Event Sources tab.

  1. In the Event Sources tab, select Logstash/Config from the drop-down menu.

  2. In the Event Categories panel toolbar, click ic-add.png.

    The Available Event Source Types dialog is displayed.

  3. Select the event source type and click OK.

    The newly added event source type is displayed in the Event Categories panel.

  4. Select the new type in the Event Categories panel and click ic-add.png in the Sources toolbar.

    The Add Source dialog is displayed.

  5. Fill in the fields, based on the Logstash event source you are adding. General details about the available parameters are described below in Logstash Collection Parameters.

  6. Click OK.

Logstash Collection Parameters

The following tables provides descriptions of the Logstash Collection source parameters.

Note: Items that are followed by an asterisk (*) are required.

Basic Parameters

Custom Event Source Parameters

The following table lists the custom event source parameters.

Beats Event Source Parameters

The following table lists the beats event source parameters.

Export Connector Event Source Parameters

The following table lists the custom export connector event source parameters.

HTTP Receiver Event Source Parameters

The following table lists the HTTP receiver event source parameters.

IPFIX Event Source Parameters

The following table lists the IPFIX event source parameters.

Kubernetes Event Source Parameters

The following table lists the Kubernetes receiver event source parameters.

JDBC Oracle 11g Auditing Event Source Parameters

The following table lists the JDBC Oracle 11g auditing event source parameters.


jdbc_oracle_19c_auditing typespec