Issues with Sending Logs to Elastic Using Filebeat on OPNsense

[hsing]

Hello, Community,

I would like to ask if anyone here has experience using Logging to send log data to Elastic. I'm currently encountering some issues with the configuration and would appreciate any help.

Here's the situation: I followed the Kali Purple SOC-IAB setup for the Elastic Agent without any major issues. However, when I wanted to set up IDS/IPS logs, I realized that a different configuration might be required. So, I referred to the Beats method, but encountered a problem when running the filebeat modules list command.

Code Select Expand

root@OPNsense:/usr/local/etc/beats # filebeat modules list
Error initializing beat: failed to get host information: unimplemented

I did some searching in the Elastic community and found that others have encountered the same issue, but it doesn't seem to be resolved yet. Therefore, I'm reaching out here for assistance. Any help would be greatly appreciated. Thank you.

[hsing]

Update: I removed beats8. After installing beats7, everything works fine.