[Oisf-users] Suricata 2.0 Available!

Peter Manev petermanev at gmail.com
Fri Mar 28 10:24:02 UTC 2014


On Wed, Mar 26, 2014 at 10:02 PM, Peter Manev <petermanev at gmail.com> wrote:
>
>
>
> On Wed, Mar 26, 2014 at 8:48 PM, Matt <matt at somedamn.com> wrote:
>>
>> Here's what I did for Ubuntu 12.04:
>>
>> apt-get install libjansson-dev libgeoip-dev
>>
>> If you're starting from a clean server, there are probably other missing
>> dependencies.  Those are just two I noticed during my install.  Libjansson
>> is needed for the EVE output.
>>
>> wget http://www.openinfosecfoundation.org/download/suricata-2.0.tar.gz
>> tar -vxzf suricata-2.0.tar.gz
>> cd suricata-2.0
>> ./configure --prefix=/opt/suricata --localstatedir=/var --enable-geoip
>> make
>> make install
>> LD_LIBRARY_PATH=/opt/suricata/lib /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata/suricata.yaml --af-packet=eth1 -v
>>
>> Suricata should be running at this point.
>>
>> apt-get install openjdk-7-jdk openjdk-7-jre-headless apache2
>>
>> Again you may find other missing dependencies for ELK on your own
>> machines.
>>
>> wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.1.0.deb
>> wget https://download.elasticsearch.org/logstash/logstash/packages/debian/logstash_1.4.0-1-c82dc09_all.deb
>> wget https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0.tar.gz
>>
>> dpkg -i elasticsearch-1.1.0.deb
>> dpkg -i logstash_1.4.0-1-c82dc09_all.deb
>> tar -C /var/www/ -vxzf kibana-3.0.0.tar.gz
>>
>> /etc/init.d/elasticsearch start
>>
>> In case you're wondering, the elasticsearch data is stored in
>> /var/lib/elasticsearch by default.  This is my first time using it, so that
>> was one of the questions I had.
>>
>> For logstash, I followed the instructions at
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output.
>> I copied the geoip config verbatim.  Note: for step 2, the logstash conf
>> should go in /etc/logstash/conf.d rather than /etc/init
>>
>> /etc/init.d/logstash start
>>
>> Note: if you're using the init script like that instead of adding a
>> service in /etc/init, you'll need to add "JAVA=/usr/bin/java" at line 83 due
>> to a bug in the script.
>>
>> Then just browse to http://your.server/kibana-3.0.0 and start poking
>> around.
>>
>> Matt
>>
>> On 3/26/2014 11:38 AM, Victor Julien wrote:
>>
>> On 03/25/2014 11:06 PM, Cooper F. Nelson wrote:
>>
>> Ok, got it working.  Ultimately I ended up starting over and
>> installing elasticsearch via a package first.  Then the published
>> process worked.
>>
>> I appreciate everyone's help!  Now I just need to figure out how
>> to configure the dashboard.
>>
>> Feel free to try mine:
>> http://www.inliniac.net/files/Suricata-Eve-Dashboard
>>
>> You can load it through Kibana's 'load' button, then advanced, choose
>> file. I think we will include one in the suricata tarball as well.
>> Input welcome :)
>>
>> Cheers,
>> Victor
>>
>>
>
> I just updated my old guide here:
> http://pevma.blogspot.se/2014/03/suricata-and-grand-slam-of-open-source_26.html
>
> I will update the redmine docs soon too.
> thanks
>
>

The redmine instructions
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/_Logstash_Kibana_and_Suricata_JSON_output
are updated too.

Thanks Matt for the input!


-- 
Regards,
Peter Manev
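As an added example (not from this thread, and not code from the Suricata, Logstash or Kibana projects): a small Python consumer of the EVE JSON that Matt's build writes to eve.json and feeds into Logstash. It shows what the pipeline in the thread is working with: one JSON object per line, keyed on event_type, with alert fields nested under "alert". It also handles the one failure mode a tailing consumer always hits, a half-written last line while Suricata is still flushing, which Logstash's json codec likewise has to skip. The sample lines are constructed in the Suricata 2.0 EVE layout, not a real capture; the function names are my own.

```python
"""Consume Suricata 2.0 EVE JSON (eve.json) the way the Logstash pipeline in the
thread does: one JSON object per line, dispatched on "event_type".
Added example; not from the mailing list or the Suricata project."""
import json
from collections import Counter

# Constructed sample lines in the Suricata 2.0 EVE layout (not a real capture).
# The last line is deliberately truncated: that is what a reader sees when it
# tails eve.json while Suricata is still writing the record.
SAMPLE_EVE = """\
{"timestamp":"2014-03-26T20:48:01.123456+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-03-26T20:48:02.000001+0000","event_type":"http","src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/","http_user_agent":"curl/7.22.0","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":612}}
{"timestamp":"2014-03-26T20:48:03.500000+0000","event_type":"alert","src_ip":"192.0.2.11","src_port":40000,"dest_ip":"198.51.100.7","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2014-03-26T20:48:04.000000+0000","event_type":"alert","src_ip":"192.0.2.11","src_port":40001,"dest_ip":"198.51.100.8","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2014-03-26T20:48:05.000000+0000","event_type":"alert","src_ip":"192.0.2.1
"""


def parse_eve(text):
    """Parse EVE lines into dicts.

    Returns (events, bad_line_numbers). A line that is not complete JSON or
    lacks "event_type" is reported rather than raised, because a partially
    written trailing line is normal on a live eve.json and must not stop the
    consumer.
    """
    events, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:          # json.JSONDecodeError is a ValueError
            bad.append(lineno)
            continue
        if not isinstance(event, dict) or "event_type" not in event:
            bad.append(lineno)
            continue
        events.append(event)
    return events, bad


def event_type_counts(events):
    """How many records of each event_type (alert, http, dns, ...) were seen."""
    return Counter(e["event_type"] for e in events)


def summarize_alerts(events):
    """The numbers a first Kibana dashboard shows: alerts by signature, by
    source, and how many distinct destinations each source touched (fan-out)."""
    alerts = [e for e in events if e["event_type"] == "alert"]
    by_signature = Counter(a["alert"]["signature"] for a in alerts)
    by_src = Counter(a["src_ip"] for a in alerts)
    dests_per_src = {}
    for a in alerts:
        dests_per_src.setdefault(a["src_ip"], set()).add(a["dest_ip"])
    return {
        "alerts": len(alerts),
        "by_signature": by_signature,
        "by_src": by_src,
        "fanout": {src: len(dests) for src, dests in dests_per_src.items()},
    }


if __name__ == "__main__":
    events, bad = parse_eve(SAMPLE_EVE)
    print("parsed %d events, skipped lines %s" % (len(events), bad))
    print("event types:", dict(event_type_counts(events)))
    summary = summarize_alerts(events)
    for sig, n in summary["by_signature"].most_common():
        print("%4d  %s" % (n, sig))
    for src, n in summary["fanout"].items():
        print("%s hit %d distinct destination(s)" % (src, n))
```

Pointed at a real eve.json from Matt's build (`parse_eve(open('/var/log/suricata/eve.json').read())`, assuming the default log directory under the `--localstatedir=/var` he configured), the same three functions give a quick sanity check that EVE output is enabled and well-formed before you spend time on the Logstash side.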
