Anyone out there?

[brandonmreeves]

Just checking in. Have not seen any updates in a while. Is this project still alive?

[pevma]

On 3 Jul 2018, at 23:43, brandonmreeves notifications@github.com wrote:

Just checking in. Have not seen any updates in a while. Is this project still alive?

Yes it is. We are planning a major upgrade soon. The upgrades are always available and ongoing by the way - not sure if you mean something specific.

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[Jeroen0494]

Hi Peter,

How far along are you with the SELKS5 update? I created an ISO from the SELKS5 branch and it works alright. EveBox Alerts are not working in the inbox or Alerts, but they are visible under Events > Alerts. I really like the inclusion of Moloch.

1. Any chance Bro will be included as well for some extra protocol statistics?
2. Is is better to let Moloch monitor a PCAP directory or just let it sniff the same interface? I am planning on including Bro as well, but it doesn't support continuously reading a directory meaning both Suricata and Bro will be sniffing the same interface. Does this have a performance impact?

Thanks!

Jeroen

[pevma]

Thanks for trying the dev edition of SELKS5. We are constantly updating the pkg repo. We are planing on release during next week.

We have no plans of including Bro at the moment. Suricata is doing FPC and Moloch is watching the folder to digest the pcaps. Since Suricata can do FPC as well... by design we thought we would try it.

[Jeroen0494]

Hi Peter,

Thanks for the quick response. And thanks for the info!