I need some good recommendations on a SIEM/log management solution
Posted by LonelyDilo@reddit | sysadmin | 9 comments
I have set up a Syslog server on my Raspberry Pi 5 that's running Ubuntu 24.04. It receives logs in RFC 3164 format from 160 remote firewalls and stores them locally. Is there an open-source SIEM application I can run on my Pi that will take my locally stored logs, perform data/security analysis, find trends and anomalies, and present it all in a nice graphical interface? I need the SIEM solution to be easy to set up and maintain because I have to turn it over to my boss, who is less technically inclined than me.
Please let me know if I'm asking for too much. I don't know if there are applications that are this convenient. I thought I might need to make a more complex setup, such as running multiple servers in containers with Docker or Proxmox.
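As an added illustration of the kind of analysis the post is asking for (not code from the OP or from any product named in the thread): a minimal RFC 3164 parser plus a per-host volume check over constructed sample lines, using only the Python 3 standard library. The host names, PRI values and messages are made up for the example.

```python
"""Parse RFC 3164 syslog lines and flag hosts with anomalous event volume."""
import re
from collections import Counter
from statistics import median

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG, where PRI = facility*8 + severity
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?:? ?(?P<msg>.*)$"
)


def parse_rfc3164(line):
    """Return a dict of fields, or None if the line is not valid RFC 3164."""
    m = RFC3164.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 cap PRI at 23*8+7
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(pri, 8)
    return rec


def noisy_hosts(lines, factor=3.0):
    """Hosts whose event count exceeds `factor` times the median across hosts.

    With many similar firewalls, a single device that suddenly logs far more
    than its peers is a simple, explainable anomaly worth a look."""
    counts = Counter()
    for line in lines:
        rec = parse_rfc3164(line)
        if rec:
            counts[rec["host"]] += 1
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(h for h, n in counts.items() if n > factor * baseline)


# Constructed sample input (hypothetical hosts and messages, not real device output).
SAMPLE = [
    "<134>Jun 10 14:02:01 fw-branch-01 kernel: DROP IN=eth0 SRC=10.1.1.5 DST=10.1.1.1",
    "<134>Jun 10 14:02:02 fw-branch-02 kernel: ACCEPT IN=eth0 SRC=10.2.1.7 DST=10.2.1.1",
    "<134>Jun 10 14:02:03 fw-branch-03 kernel: DROP IN=eth0 SRC=10.3.1.9 DST=10.3.1.1",
    "not a syslog line",  # malformed input is skipped, not counted
]
SAMPLE += ["<132>Jun 10 14:02:%02d fw-branch-07 sshd[913]: Failed password for admin" % s
           for s in range(10, 20)]

if __name__ == "__main__":
    print(parse_rfc3164(SAMPLE[0]))
    print(noisy_hosts(SAMPLE))  # ['fw-branch-07']
```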
Oricol@reddit
You're going to need a stronger machine to run it but check out Security Onion.
https://securityonionsolutions.com/
LonelyDilo@reddit (OP)
Thank you! Is this open source?
Oricol@reddit
If you don’t have an EDR platform check out Wazuh. It’s open source as well.
LonelyDilo@reddit (OP)
Unfortunately wazuh-indexer isn’t available on arm64 architectures. At least according to ChatGPT
winky9827@reddit
https://media.giphy.com/media/e5uyWolyR0y30Wo1ya/giphy.gif?cid=790b761141q32nblwyrhmk1dltw828qsrzeucpvsypgnjxkc&ep=v1_gifs_search&rid=giphy.gif&ct=g
LonelyDilo@reddit (OP)
It’s the paid version. Trust me. There’s no way it’s inaccurate
winky9827@reddit
I can't tell if you're trying to be serious or not.
LonelyDilo@reddit (OP)
I'm joking, but it is an extremely helpful tool.
Oricol@reddit
Elastic license 2.0 https://securityonionsolutions.com/license