Sensor to Standard logs forwarding

[flngkttn]

• What version of the OS are you currently using lsb_release -a and uname -a? debian 10
• What T-Pot version are you currently using? master
• What edition (Standard, Nextgen, etc.) of T-Pot are you running? Sensor
• What architecture are you running on (i.e. hardware, cloud, VM, etc.)? VM
• Did you have any problems during the install? If yes, please attach /install.log /install.err. No
• How long has your installation been running? 1 day
• Did you install upgrades, packages or use the update script? used update script
• Did you modify any scripts or configs? If yes, please attach the changes. - No
• Please provide a screenshot of glances and htop.
• How much free disk space is available (df -h)?
• What is the current container status (dps.sh)?
• What is the status of the T-Pot service (systemctl status tpot)? Active
• What ports are being occupied? Stop T-Pot systemctl stop tpot and run netstat -tulpen
• If a single container shows as DOWN you can run docker logs <container-name> for the latest log entries

Hi there
Thank you for your software.
I'm trying to implement distributed system of Honeypots.
I have Standard type system and Sensor.
Wiki page says to use logstash to forward logs to another destination, but in Sensor system there is no Logstash.
What I'm doing wrong?
Thanks in advance.

[t3chn0m4g3]

Please review #250

[lcia-projects]

@flngkttn i'm doing a similar system.. as of now i have 4 sensors distributed around the state.. all reporting back to my central office.
i'm not sure if there is a better way.. but my approach has been working for about a year.

After installing the 'sensor' i install "Filebeat" and configure filebeat to transmit any log changes to a logstash instance in my central office. Logstash then does some processing and then deposits the data into an elasticsearch cluster.