Security Onion can consume many kinds of host logs. You can send logs to Security Onion via your choice of either :ref:`elastic-agent` or :ref:`syslog`:
- Choose :ref:`elastic-agent` for comprehensive telemetry if you can install an agent on the host.
- Choose :ref:`syslog` if you can't install an agent but the device supports sending standard syslog. Examples include firewalls, switches, routers, and other network devices.
For Windows endpoints, you can optionally augment the standard Windows logging with :ref:`sysmon`.
.. toctree:: :maxdepth: 2 elastic-agent syslog sysmon