[Oisf-users] Suricata 2.0 Available!

Matt matt at somedamn.com
Wed Mar 26 19:48:38 UTC 2014 

Here's what I did for Ubuntu 12.04:

/apt-get install libjansson-dev libgeoip-dev/

If you're starting from a clean server, there are probably other missing 
dependencies.  Those are just two I noticed during my install.  
Libjansson is needed for the EVE output.

/wget //http://www.openinfosecfoundation.org/download/suricata-2.0.tar.gz//
//tar -vxzf suricata-2.0.tar.gz//
//cd suricata-2.0//
//./configure --prefix=/opt/suricata --localstatedir=/var --enable-geoip//
//make//
//make install//
///LD_LIBRARY_PATH=/opt/suricata/lib /opt/suricata/bin/suricata -c 
/opt/suricata/etc/suricata/suricata.yaml --af-packet=eth1 -v

//Suricata should be running at this point.

///apt-get install openjdk-7-jdk openjdk-7-jre-headless apache2//
/
//Again you may find other missing dependencies for ELK on your own 
machines.
//
///wget 
https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.1.0.deb//
//wget 
https://download.elasticsearch.org/logstash/logstash/packages/debian/logstash_1.4.0-1-c82dc09_all.deb//
//wget 
https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0.tar.gz//
//
//dpkg -i elasticsearch-1.1.0.deb//
//dpkg -i logstash_1.4.0-1-c82dc09_all.deb//
//tar -C /var/www/ -vxzf kibana-3.0.0.tar.gz//
//
///etc/init.d/elasticsearch start/

In case you're wondering, the elasticsearch data is stored in 
/var/lib/elasticsearch by default.  This is my first time using it, so 
that was one of the questions I had.

For logstash, I followed the instructions at 
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output. 
I copied the geoip config verbatim.  Note: for step 2, the logstash conf 
should go in /etc/logstash/conf.d rather than /etc/init

//etc/init.d/logstash start/

Note: if you're using the init script like that instead of adding a 
service in /etc/init, you'll need to add "JAVA=/usr/bin/java" at line 83 
due to a bug in the script.

Then just browse to http://your.server/kibana-3.0.0 and start poking around.

Matt

On 3/26/2014 11:38 AM, Victor Julien wrote:
> On 03/25/2014 11:06 PM, Cooper F. Nelson wrote:
>> Ok, got it working.  Ultimately I ended up starting over and
>> installing elasticsearch via a package first.  Then the published
>> process worked.
>>
>> I appreciate everyone's help!  Now I just need to figure out how
>> to configure the dashboard.
> Feel free to try mine:
> http://www.inliniac.net/files/Suricata-Eve-Dashboard
>
> You can load it through Kibana's 'load' button, then advanced, choose
> file. I think we will include one in the suricata tarball as well.
> Input welcome :)
>
> Cheers,
> Victor
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140326/b01a1ded/attachment-0002.html>

More information about the Oisf-users mailing list