SIEM integration with FedoraCOREOS

gunjangarge · January 4, 2021, 7:44am

Hi All,
I am trying to find out if it is possible to integrate any SIEM tool with Fedora Core OS directly instead of using ESO/CLO in OKD.

Regards,
Gunjan Garge

siosm · January 4, 2021, 10:54am

What’s ESO/CLO?

If you probably integrate any SIEM as long as you can run their agent in a container (most likely a privileged one).

gunjangarge · January 5, 2021, 5:37am

Sorry for using short names.

ESO = Elastic Search Operator
CLO = Cluster Logging Operator

Once OKD is installed we may be able to forward syslog using CLO. But we wanted to configure it even before OKD is installed, directly at FOCS level.

siosm · January 5, 2021, 8:58am

Running syslog-ng/rsyslog from a privileged container with access to the systemd journald files should probably work. I’m not sure how supported the podman + cri-o combination is but that should probably work too.

Topic		Replies	Views
Centralized logging on FCOS? Ask Fedora coreos	13	1207	December 28, 2024
Cri-o on Fedora CoreOS install Project Discussion coreos-wg	3	1312	July 8, 2020
Tooling to deploy & manage Kubernetes clusters atop CoreOS (updates, maint., etc) Ask Fedora kubernetes , coreos	10	166	August 14, 2024
Cluster-api-provider-vsphere now has Ignition support. Does it work with Fedora CoreOS? Project Discussion coreos-wg	1	179	December 5, 2022
Check of ignition configs Project Discussion coreos-wg	5	379	February 8, 2021

SIEM integration with FedoraCOREOS

Related topics