[Oisf-users] PFSense and Kibana

Daniel Eschner daniel at linux-nerd.de
Sat Jun 18 13:23:27 UTC 2016


I got this working. It seems that the Elastic output was not configured as I wish.
Now I created my own output template and that should work ;)

Just the "action Block" is missing in my index.


> On 18.06.2016 at 14:15, Daniel Eschner <daniel at linux-nerd.de> wrote:
> 
> 
>> On 18.06.2016 at 12:46, Eric Leblond <eric at regit.org> wrote:
>> 
>> Hi,
>> On 18 June 2016 at 11:07 AM, Daniel Eschner <daniel at linux-nerd.de> wrote:
>> >
>> > Hi there,
>> >
>> > I run Suricata on a pfSense. I try to build some dashboards. At first everything seems to be running, but it seems I have problems with domains like linux-nerd.de
>> > In the dashboard it is shown as linux
>> > All domains or attacks or whatever with - in the word get broken.
>> 
>> You need to use the .raw version of each key to get it unanalyzed and then considered as a single expression.
>> 
> Mhh, I don't have .raw in the drop-down menu. Do I have to configure something special in Filebeat maybe?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
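The effect Daniel sees comes from Elasticsearch's default string mapping: an analyzed field is run through the standard analyzer, which splits "linux-nerd.de" on the hyphen, so Kibana aggregates on the token "linux" rather than on the whole value. The ".raw" fields Eric refers to are not_analyzed sub-fields that keep the original value intact. The index template below is an added example (not a template from this thread, from Suricata or from the Elastic project); it uses the Elasticsearch 2.x mapping syntax that was current at the time of the thread, assumes the Filebeat/Logstash output writes to indices matching "suricata-*", and adds a ".raw" copy of every dynamically mapped string field:

```json
{
  "template": "suricata-*",
  "settings": {
    "index.refresh_interval": "5s"
  },
  "mappings": {
    "_default_": {
      "dynamic_templates": [
        {
          "strings_with_raw_copy": {
            "match_mapping_type": "string",
            "match": "*",
            "mapping": {
              "type": "string",
              "index": "analyzed",
              "fields": {
                "raw": {
                  "type": "string",
                  "index": "not_analyzed",
                  "ignore_above": 256
                }
              }
            }
          }
        }
      ]
    }
  }
}
```

Load it with a PUT to _template/suricata (a name chosen for this example) before the next daily index is created; existing indices keep their old mapping, so the .raw fields only appear in Kibana's drop-down after a new index has been written and the index pattern's field list has been refreshed. The "ignore_above" limit only skips the not_analyzed copy for oversized values, so the analyzed field still holds them. On Elasticsearch 5 and later the same idea is expressed with "type": "keyword" for the sub-field instead of "index": "not_analyzed".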


