Fluent Bit – Sending Logs to ELK with Fluent Bit
Last updated 3 months ago


Fluent Bit is a lightweight, high-performance log processor and forwarder, suited to distributed systems, container platforms such as Kubernetes, and resource-constrained hosts.

Prepare Fluent Bit (install it on the Windows host from the EXE installer linked at the end of this page):

Next we update fluent-bit.conf. Three sections matter here:

  • [INPUT]: Where logs are collected from; in our case the sample log file we created.

  • [OUTPUT]: Where logs are sent; we forward them to Elasticsearch.

  • [PARSER]: How raw lines are turned into structured fields, using regex; the parsers live in parsers.conf, which we have already updated, so nothing needs to change there.

This configuration makes Fluent Bit tail a file (C:/Users/Admin/Downloads/demo.log) and forward each new line to an Elasticsearch instance.

For the OUTPUT:

  • Name es: The es output plugin sends records to Elasticsearch.

  • Host 192.168.35.135: The IP address or hostname of the Elasticsearch server.

  • Port 9200: The port Elasticsearch listens on (9200 by default).

  • tls on: Enables TLS for the connection to Elasticsearch; required when Elasticsearch serves HTTPS, which Elasticsearch 8.x does by default.

  • tls.verify off: Disables certificate verification. The session is still encrypted, but Fluent Bit will accept any certificate, so a host that can redirect traffic destined for 192.168.35.135 can impersonate Elasticsearch and read or alter the logs. This is acceptable only in an isolated lab; anywhere else set tls.verify On and point tls.ca_file at the Elasticsearch CA certificate.

  • Trace_Output on: Prints every request Fluent Bit sends to Elasticsearch on the console, which is useful when delivery fails. Turn it off once forwarding works, because it is noisy and echoes the log contents.

Now, let's run Fluent Bit from PowerShell (the & call operator is needed because the install path contains spaces):

& 'C:\Program Files\fluent-bit\bin\fluent-bit.exe' -c 'C:\Program Files\fluent-bit\conf\fluent-bit.conf'

Let's confirm in Kibana that the logs are arriving in Elasticsearch.
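As an added worked example, not the page's own configuration, here is a complete fluent-bit.conf for this lab wrapped in a PowerShell script that writes it, ships one constructed test line from demo.log, and then queries Elasticsearch to prove the document arrived. It keeps the page's log path and host, but everything else is an assumption: Elasticsearch 8.x with security enabled, an index named demo-logs, the tag demo.log, a parser name, and the cluster CA (http_ca.crt, which Elasticsearch 8 generates under config/certs on the server) copied into the Fluent Bit conf folder. The page's tls.verify off shortcut is shown as a comment beside the hardened setting.

```powershell
# Added example for this page (not the author's own fluent-bit.conf).
# Assumptions not found on the page: Elasticsearch 8.x with security enabled,
# index demo-logs, tag demo.log, and the cluster CA copied from the
# Elasticsearch server (config/certs/http_ca.crt) into the Fluent Bit conf folder.
# Run from an elevated PowerShell 7 session on the Windows host running Fluent Bit.

$FluentBitDir = 'C:\Program Files\fluent-bit'
$ConfPath     = Join-Path $FluentBitDir 'conf\fluent-bit.conf'
$ParsersPath  = Join-Path $FluentBitDir 'conf\parsers.conf'
$CaPath       = Join-Path $FluentBitDir 'conf\http_ca.crt'   # assumed location
$LogPath      = 'C:/Users/Admin/Downloads/demo.log'          # path used on the page
$EsHost       = '192.168.35.135'                             # host used on the page
$EsPort       = 9200
$EsIndex      = 'demo-logs'                                  # assumed index name
$EsCred       = Get-Credential -Message 'Elasticsearch user (e.g. elastic)'
$EsPassword   = $EsCred.GetNetworkCredential().Password

# Complete classic-format config. Fluent Bit treats only a '#' at the start of a
# line as a comment, so the notes are kept on their own lines.
$Config = @"
[SERVICE]
    Flush            5
    Daemon           Off
    Log_Level        info
    Parsers_File     $ParsersPath

[INPUT]
    Name             tail
    Path             $LogPath
    Tag              demo.log
    Read_from_Head   On
    Refresh_Interval 5
# To apply a [PARSER] defined in parsers.conf, add a line:  Parser <parser_name>

[OUTPUT]
    Name             es
    Match            demo.*
    Host             $EsHost
    Port             $EsPort
    Index            $EsIndex
# Elasticsearch 8 rejects the legacy _type field; this stops Fluent Bit sending it
    Suppress_Type_Name On
    HTTP_User        $($EsCred.UserName)
    HTTP_Passwd      $EsPassword
    tls              On
# Lab shortcut used on the page: 'tls.verify Off' encrypts the session but
# accepts any certificate, so a host on the path can impersonate Elasticsearch.
# Hardened setting: verify the server against the cluster CA instead.
    tls.verify       On
    tls.ca_file      $CaPath
    Trace_Output     On
"@
Set-Content -Path $ConfPath -Value $Config -Encoding ascii

# Constructed sample line (test data, not a real log) carrying a unique marker
$marker = [guid]::NewGuid().ToString()
$stamp  = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
Add-Content -Path $LogPath -Value ("{0} INFO fluent-bit lab test {1}" -f $stamp, $marker)

# Start Fluent Bit with the new config and allow a few flush cycles
$fb = Start-Process -FilePath (Join-Path $FluentBitDir 'bin\fluent-bit.exe') `
        -ArgumentList "-c `"$ConfPath`"" -PassThru -NoNewWindow
Start-Sleep -Seconds 15

# Confirm delivery over HTTPS with certificate checking left ON. If Windows does
# not yet trust the cluster CA, import it once (elevated):
#   Import-Certificate -FilePath $CaPath -CertStoreLocation Cert:\LocalMachine\Root
# The tail input stores the raw line in the 'log' field when no parser is applied.
$query = @{ query = @{ match_phrase = @{ log = $marker } } } | ConvertTo-Json -Depth 5
$resp  = Invoke-RestMethod -Method Post -Uri "https://${EsHost}:${EsPort}/$EsIndex/_search" `
            -Credential $EsCred -Authentication Basic `
            -ContentType 'application/json' -Body $query

if ($resp.hits.total.value -ge 1) {
    Write-Host "OK: marker $marker was indexed in $EsIndex"
} else {
    Write-Host "Not found yet: read the Trace_Output on the Fluent Bit console for the Elasticsearch response"
}
Stop-Process -Id $fb.Id
```

If the search comes back empty, the Trace_Output lines on the Fluent Bit console show the exact request and the status Elasticsearch returned; a 401 means the HTTP_User/HTTP_Passwd pair is wrong, and a TLS handshake error means tls.ca_file does not match the certificate Elasticsearch presents. Once delivery is confirmed, set Trace_Output to Off so credentials and log contents stop being echoed to the console.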

https://docs.fluentbit.io/manual/installation/windows#installing-from-exe-installer