[Oisf-users] Suricata 2.0 Available!

Peter Manev petermanev at gmail.com
Wed Mar 26 21:02:10 UTC 2014


On Wed, Mar 26, 2014 at 8:48 PM, Matt <matt at somedamn.com> wrote:

>  Here's what I did for Ubuntu 12.04:
>
> apt-get install libjansson-dev libgeoip-dev
>
> If you're starting from a clean server, there are probably other missing
> dependencies.  Those are just two I noticed during my install.  Libjansson
> is needed for the EVE output.
>
> wget http://www.openinfosecfoundation.org/download/suricata-2.0.tar.gz
> tar -vxzf suricata-2.0.tar.gz
> cd suricata-2.0
> ./configure --prefix=/opt/suricata --localstatedir=/var --enable-geoip
> make
> make install
>
> LD_LIBRARY_PATH=/opt/suricata/lib /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata/suricata.yaml --af-packet=eth1 -v
>
> Suricata should be running at this point.
>
>
>
> apt-get install openjdk-7-jdk openjdk-7-jre-headless apache2
>
> Again you may find other missing dependencies for ELK on your own machines.
>
> wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.1.0.deb
> wget https://download.elasticsearch.org/logstash/logstash/packages/debian/logstash_1.4.0-1-c82dc09_all.deb
> wget https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0.tar.gz
>
> dpkg -i elasticsearch-1.1.0.deb
> dpkg -i logstash_1.4.0-1-c82dc09_all.deb
> tar -C /var/www/ -vxzf kibana-3.0.0.tar.gz
>
> /etc/init.d/elasticsearch start
>
> In case you're wondering, the elasticsearch data is stored in
> /var/lib/elasticsearch by default.  This is my first time using it, so that
> was one of the questions I had.
>
> For logstash, I followed the instructions at
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output.
> I copied the geoip config verbatim.  Note: for step 2, the logstash conf
> should go in /etc/logstash/conf.d rather than /etc/init
>
> /etc/init.d/logstash start
>
> Note: if you're using the init script like that instead of adding a
> service in /etc/init, you'll need to add "JAVA=/usr/bin/java" at line 83
> due to a bug in the script.
>
> Then just browse to http://your.server/kibana-3.0.0 and start poking
> around.
>
> Matt
>
> On 3/26/2014 11:38 AM, Victor Julien wrote:
>
> On 03/25/2014 11:06 PM, Cooper F. Nelson wrote:
>
>  Ok, got it working.  Ultimately I ended up starting over and
> installing elasticsearch via a package first.  Then the published
> process worked.
>
> I appreciate everyone's help!  Now I just need to figure out how
> to configure the dashboard.
>
> Feel free to try mine: http://www.inliniac.net/files/Suricata-Eve-Dashboard
>
> You can load it through Kibana's 'load' button, then advanced, choose
> file. I think we will include one in the suricata tarball as well.
> Input welcome :)
>
> Cheers,
> Victor
>
I just updated my old guide here:
http://pevma.blogspot.se/2014/03/suricata-and-grand-slam-of-open-source_26.html

I will update the redmine docs soon too.
thanks
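An added example, not code from this thread or from the Suricata project, for checking the EVE JSON that the pipeline above feeds to Logstash before wiring up Kibana: it reads eve.json line by line, counts events per event_type and alerts per signature, and skips malformed lines (a half-written last line on a live file is normal) rather than aborting. The sample lines are constructed, and the default path /var/log/suricata/eve.json is an assumption consistent with --localstatedir=/var in the build above.

```python
import json
import sys
from collections import Counter

# Constructed sample EVE lines (one JSON object per line), not output captured
# from the poster's sensor. Includes one non-JSON line to exercise error handling.
SAMPLE_EVE = """\
{"timestamp":"2014-03-26T20:01:02.123456","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"EXAMPLE constructed test rule","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2014-03-26T20:01:03.000001","event_type":"http","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","http":{"hostname":"example.net","url":"/","http_method":"GET","status":200}}
{"timestamp":"2014-03-26T20:01:04.000002","event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"EXAMPLE constructed test rule","category":"Not Suspicious Traffic","severity":3}}
garbage line that is not JSON
{"timestamp":"2014-03-26T20:01:05.000003","event_type":"dns","src_ip":"10.0.0.5","src_port":53001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1,"rrname":"example.net","rrtype":"A"}}
"""

# Assumed default log location; matches --localstatedir=/var used in the build.
DEFAULT_EVE_PATH = "/var/log/suricata/eve.json"


def summarize_eve(lines):
    """Count events per event_type and alerts per (signature_id, signature).

    Returns (by_type, alerts, bad_lines). Malformed lines are counted, not fatal.
    """
    by_type, alerts, bad_lines = Counter(), Counter(), 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except ValueError:  # covers json.JSONDecodeError
            bad_lines += 1
            continue
        event_type = event.get("event_type", "unknown")
        by_type[event_type] += 1
        if event_type == "alert":
            alert = event.get("alert", {})
            alerts[(alert.get("signature_id"), alert.get("signature"))] += 1
    return by_type, alerts, bad_lines


def summarize_file(path=DEFAULT_EVE_PATH):
    with open(path) as fh:
        return summarize_eve(fh)


if __name__ == "__main__":
    # Pass a path to read a real eve.json; with no argument the constructed sample is used.
    result = summarize_file(sys.argv[1]) if len(sys.argv) > 1 else summarize_eve(SAMPLE_EVE.splitlines())
    by_type, alerts, bad_lines = result
    for event_type, count in by_type.most_common():
        print(f"{event_type:8s} {count}")
    for (sid, sig), count in alerts.most_common():
        print(f"alert sid={sid} x{count}: {sig}")
    print(f"malformed lines skipped: {bad_lines}")
```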