📒
Book of VanLuong
  • 👨‍💻About the Author
  • Cryptanalysis
    • RSA & RSA ATTACK
    • DES (Data Encryption Standard)
    • AES (Advanced Encryption Standard)
    • ECC ( Elliptic Curve of Cryptography)
    • Group-based Cryptography
    • Lattice-based Cryptography
    • ChaCha20-Poly1305
    • Hash Function
    • Wargame CTF
  • Windows
    • 70 Vital Windows Commands
  • Guide to Installing Kali Linux, DVWA, and bWAPP
    • Phần 1. CÀI ĐẶT HỆ ĐIỀU HÀNH KALI LINUX
    • Phần 2. CÀI ĐẶT DVWA
    • Phần 3. CÀI ĐẶT BWAPP
  • Cybersecurity Lab & Threat Intelligence
    • Build ELK Lab
      • Configure Elasticsearch and Kibana setup in ubuntu
      • Fluent Bit – Sending Logs to ELK with Fluent Bit
      • Winlogbeat – Collecting and Forwarding Windows Event Logs.
      • Filebeat – Collecting and Forwarding Windows Event Logs.
      • Send Logs from Winlogbeat through Logstash to ELK
      • Audit policy & Winlogbeat
    • Watch full series
  • CyberDefender Labs
Powered by GitBook
On this page

Was this helpful?

  1. Cybersecurity Lab & Threat Intelligence
  2. Build ELK Lab

Fluent Bit – Sending Logs to ELK with Fluent Bit

PreviousConfigure Elasticsearch and Kibana setup in ubuntuNextWinlogbeat – Collecting and Forwarding Windows Event Logs.

Last updated 1 month ago

Was this helpful?

Fluent Bit is a lightweight, high-performance log processor & forwarder, suitable for distributed systems, containers like Kubernetes, or resource-constrained environments.

Prepare Fluent-Bit:

Next we will update the fluent-bit.conf, need to know the 3 main sections we will focus on.

  • [INPUT]: Specifies where logs are collected from; in our case, it will be collected from the sample logs file we have created.

  • [OUTPUT]: Specifies where logs should be sent; we want to forward them to Elasticsearch.

  • [PARSER]: Defines how logs should be structured using regex; we have updated the parser.conf file so there is no need to change it.

This configuration is for Fluent Bit to read logs from a file (C:/Users/Admin/Downloads/demo.log) and forward them to an Elasticsearch instance.

For the OUTPUT:

  • name es: The es output plugin sends logs to Elasticsearch.

  • Host 192.168.35.135: The IP address or hostname of the Elasticsearch server.

  • Port 9200: The port where Elasticsearch is listening (default is 9200).

  • tls on: Enables TLS/SSL encryption for communication with Elasticsearch.

  • tls.verify off: Disables certificate verification.

  • Trace_Output on: Enables verbose logging for debugging purposes.

Now, let's run Fluent Bit:

& 'C:\Program Files\fluent-bit\bin\fluent-bit.exe' -c 'C:\Program Files\fluent-bit\conf\fluent-bit.conf'

Let's confirm whether the logs are successfully being forwarded to ELK.

https://docs.fluentbit.io/manual/installation/windows#installing-from-exe-installer