Fluentd Centralized Logging part 2. This article will show you how to integrate our logs with fluentd. Especially the logs from IDS system. In this case I used Suricata IDS.
In this article I explained in detail how to collect our logs in the server then forward and process these logs so we can have better and meaningful information. He is collecting logs from Suricata (https://suricata-ids.org), which is a signature-based Intrusion Detection System (IDS) like Snort.
As you noticed, fluentd is open source data collector to unified logging. Unified logging is very important if we want to gather more information and find particular meaning with our logs in the server. We can gather more than one particular log. As an example, we can gather and monitor like syslog, web server logs, sensors, .etc. Not only we can gather the logs, we can manage or forward or store it into different applications and systems.
If we have more than IDS system monitoring our networks, we need to gather all this information into one meaning information. Using these systems we can build collaborative IDS and more meaning information we can get.
In the article, I used Suricata IDS becaus it is a free and open source, mature, fast and robust network IDS. The Suricata engine is capable of real time intrusion detection, inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
My article related to fluentd. Check this out:
https://bsdmag.org/download/openldap-directory-services-freebsd/