SIEM integration with FedoraCOREOS

Hi All,
I am trying to find out if it is possible to integrate any SIEM tool with Fedora Core OS directly instead of using ESO/CLO in OKD.

Gunjan Garge

What’s ESO/CLO?

If you probably integrate any SIEM as long as you can run their agent in a container (most likely a privileged one).

Sorry for using short names.

ESO = Elastic Search Operator
CLO = Cluster Logging Operator

Once OKD is installed we may be able to forward syslog using CLO. But we wanted to configure it even before OKD is installed, directly at FOCS level.

Running syslog-ng/rsyslog from a privileged container with access to the systemd journald files should probably work. I’m not sure how supported the podman + cri-o combination is but that should probably work too.