LogRhythm-SIEM_Create_Custom_Open_Collector_Pipelines_For_Kafkabeat

Creating Custom Open Collector Pipelines For Kafkabeat.

By default, the LogRhythm (LR) Open Collector (OC) does not have pipelines to process Kafkabeat logs. Run the command below to view the list of available pipelines in OC and confirm that none of them handles Kafkabeat.

./lrctl oc pipe status


Steps to create a custom pipeline for kafkabeat.

  • Install the ocpipeline utility.

      ./lrctl ocpipeline install

  • Install the lrjq utility.

      ./lrctl lrjq install

  • Create the pipeline project folder ociKafkaStream in the current directory.

      ./ocpipeline create --name ociKafkaStream --destination .



  • Copy the contents of the zip file into the ociKafkaStream folder.

  • To understand the contents of the zip file, go through the official LogRhythm documentation.

    ocikafkaStream.zip

  • Run the command below to package the pipeline for import.

      ./ocpipeline package --source ociKafkaStream --destination . --force

  • Once the command above has executed successfully, it prints the following output.

      .pipe file generated at: /root/ociKafkaStream.pipe



  • Import the .pipe file into your Open Collector.

      cat ociKafkaStream.pipe | ./lrctl oc pipe import



  • Restart the services.

      ./lrctl metrics restart

      ./lrctl oc restart



  • Validate the status of all pipelines.

      ./lrctl oc pipe status



This post is licensed under CC BY 4.0 by the author.