[Oisf-users] Suricata 2.0 Available!

Peter Manev petermanev at gmail.com
Tue Mar 25 17:22:40 UTC 2014



> On 25 Mar 2014, at 18:05, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
> 
> Same problem I had previously, the embedded elasticsearch instance
> doesn't start.  Maybe it's something on my end.

With Logstash 1.4.0 it is better to use the "elkdownloads" page (http://www.elasticsearch.org/overview/elkdownloads/) and get ES, Logstash and Kibana separately.

Download the debs (ES and Logstash), install them with dpkg -i ..., then install Kibana as instructed.

The Logstash configs are under /etc/default and /etc/init.d/

service elasticsearch start
service logstash start
...open a browser, point it at Kibana...

In general you should be good to go.



> 
> I'll post an update if I figure this out.
> 
>> On 3/25/2014 9:41 AM, Victor Julien wrote:
>>> On 03/25/2014 05:35 PM, Cooper F. Nelson wrote:
>>> The current version of logstash is 1.4.0 and does not work with
>>> this guide.  Would it be possible to get it updated?
>> 
>>> I'll offer to help in any way possible, with the caveat that I
>>> haven't been able to get it to work myself.
>> 
>> It works for me, however with one change. I'm using
>> logstash-forwarder, and with this it seems the filter:
>> 
>> filter {
>>  date {
>>    match => [ "timestamp", "ISO8601" ]
>>  }
>> }
>> 
>> Doesn't work. If I have this, I see no logs, otherwise if I remove
>> that, it works normally.
>> 
>> My configs for reference: https://gist.github.com/inliniac/9765934
> 
> -- 
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
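The date-filter exchange quoted above turns on how the timestamp string Suricata writes into eve.json is parsed before indexing. As an added example, not code from this thread, from Suricata or from Logstash, here is a small Python reader that applies an explicit strptime pattern to eve.json lines and tags, rather than drops, any event whose timestamp does not match that pattern. It assumes the Suricata EVE timestamp shape (ISO 8601 with six fractional digits and a numeric zone offset without a colon, e.g. 2014-03-25T17:22:40.123456+0000); the sample records, the local-range signature id and the alert text are constructed for illustration and are not captured traffic.

```python
"""Parse Suricata eve.json lines and normalise their timestamps to UTC.

Assumes the Suricata EVE timestamp format (e.g. 2014-03-25T17:22:40.123456+0000):
six fractional digits and a numeric zone offset with no colon.
"""
import json
from datetime import datetime, timezone

EVE_TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_eve_timestamp(value):
    """Return an aware datetime in UTC, or None when the string does not match."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.strptime(value, EVE_TIMESTAMP_FORMAT).astimezone(timezone.utc)
    except ValueError:
        return None


def parse_eve_line(line):
    """Turn one eve.json line into an event dict.

    A timestamp that does not parse tags the event (the same idea as Logstash's
    _dateparsefailure tag) instead of discarding it, so the record is still
    indexed and the unparsed value stays visible in the original 'timestamp' field.
    """
    event = json.loads(line)
    event["tags"] = []
    parsed = parse_eve_timestamp(event.get("timestamp"))
    if parsed is None:
        event["tags"].append("_dateparsefailure")
        event["@timestamp"] = None
    else:
        event["@timestamp"] = parsed.isoformat()
    return event


def process(lines):
    """Parse every non-empty line; return (events, number of timestamp failures)."""
    events = [parse_eve_line(line) for line in lines if line.strip()]
    failed = sum(1 for e in events if "_dateparsefailure" in e["tags"])
    return events, failed


# Constructed sample records, not captured traffic. The signature id is in the
# local-rule range and the alert text is made up.
SAMPLE_LINES = [
    '{"timestamp":"2014-03-25T17:22:40.123456+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP",'
    '"alert":{"signature_id":1000001,"signature":"LOCAL constructed test alert"}}',
    # The same wall-clock second written with a +0100 offset: it must normalise
    # to 17:22:40 UTC, keeping its own fractional part.
    '{"timestamp":"2014-03-25T18:22:40.654321+0100","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    # A timestamp in a shape the pattern does not accept (space separator, no
    # fraction, no offset): the event must survive with a failure tag.
    '{"timestamp":"2014-03-25 17:22:40","event_type":"dns"}',
]

if __name__ == "__main__":
    events, failed = process(SAMPLE_LINES)
    for event in events:
        print(event["event_type"], event["@timestamp"], event["tags"])
    print("timestamp failures:", failed)
```

Running it prints the two normalised UTC timestamps and one tagged dns event; the count of failures is what you would watch for in a pipeline, since a pattern that matches nothing shows up as every event carrying the failure tag rather than as events vanishing.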