OpenVAS (Open Vulnerability Assessment System) is an open source vulnerability scanner. The following instructions show you how to configure Filebeat to send OpenVAS reports to Logz.io.
Step by step
Before you begin, you'll need:
Download the Logz.io public certificate to your credentials server
For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.
sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Open the Filebeat configuration file (/etc/filebeat/filebeat.yml) with your preferred text editor. Copy and paste the code block below, overwriting the previous content. (You want to replace the file's content with this code block.)
This code block adds OpenVAS as an input and sets Logz.io as the output.
Filebeat requires a file extension specified for the log input.
- type: filestream
If you're running Filebeat 7 to 8.1, paste the code block below instead:
- type: log
#For version 6.x and lower
#For version 7 and higher
#The following processors are to ensure compatibility with version 7
- from: "agent"
- from: "log.file.path"
Replace the placeholders to match your specifics. (They are indicated by the double angle brackets
<<LOG-SHIPPING-TOKEN>>with the token of the account you want to ship to.
<<LISTENER-HOST>>with the host for your region. For example,
listener.logz.ioif your account is hosted on AWS US East, or
listener-nl.logz.ioif hosted on Azure West Europe. The required port depends whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071.
- Replace the filepath placeholder
<<FILEPATH-TO-OPENVAS-REPORTS>>with the file path to the folder where you’ll be keeping your OpenVAS reports. For example,
/home/kali/Downloads/Filebeat_read/*.csvwill look for any file with a csv extension under that path.
One last validation - make sure Logz.io is the only output and appears only once. If the file has other outputs, remove them.
Start or restart Filebeat for the changes to take effect.
Filebeat is now configured to send OpenVAS CSV reports directly to Logz.io.
Generate a CSV report in OpenVAS
OpenVAS reports are typically generated manually, as needed.
After completing a scan in OpenVAS, perform the following steps to generate a CSV report.
Click the Scans tab, then select Reports.
Select a report from the list of results.
The report summary will open. Select CSV Results from the drop-down menu (top left corner) and click the download option (It's the green arrow ⬇️.
The CSV file will be downloaded to the default Downloads path set for your Web browser. If your Filebeat is configued to read reports from another folder, you can manually copy OpenVAS reports to another folder or change the browser's default Downloads path.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Open Search Dashboards.
If you still don't see your logs, see Filebeat troubleshooting.