StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

fast.log moving but no activity on Scirius Page #118

Closed keetawat closed 6 years ago

keetawat commented 7 years ago

Dear All,

I did a tail -f /var/log/suricata/fast.log and this showed movement as well, but when I open the Scirius system I could not see any activity on it.

Please be so kind as to give me a suggestion.

Best regards, Keetawat

pevma commented 7 years ago

fast.log should be irrelevant to Scirius events. Do you have those events in eve.json? (In general that is digested by ES, and Scirius then reads from there.)
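
The data path pevma describes is Suricata -> eve.json -> Logstash -> Elasticsearch -> Scirius, so the first thing to check is whether alert events are actually landing in eve.json and how fresh they are. The script below is an added example written for this thread; it is not code from Scirius or SELKS. It parses EVE JSON lines (the sample lines embedded here are constructed, including a deliberately truncated last line of the kind you see when Suricata is mid-write), counts events by type, and reports whether alerts are present and recent. The `check_elasticsearch` helper assumes the SELKS-era default of a local ES on port 9200 and a `logstash-*` index pattern; both are assumptions to adjust for your install.

```python
"""Diagnostic for the Suricata -> eve.json -> Elasticsearch -> Scirius pipeline.

Added example for this thread, not part of Scirius or SELKS.
"""
import json
import urllib.request
from collections import Counter
from datetime import datetime, timedelta

# Suricata EVE timestamps look like 2017-10-05T17:06:02.250000+0700
EVE_TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed sample eve.json content (not real capture data). The last line is
# cut off on purpose to mimic a record Suricata has not finished writing yet.
SAMPLE_EVE = """\
{"timestamp":"2017-10-05T17:05:58.123456+0700","flow_id":1,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2017-10-05T17:06:00.000001+0700","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"signature_id":1000001,"signature":"SAMPLE outbound test alert","severity":2}}
{"timestamp":"2017-10-05T17:06:01.500000+0700","flow_id":3,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2017-10-05T17:06:02.250000+0700","flow_id":4,"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"10.0.0.5","alert":{"signature_id":1000002,"signature":"SAMPLE inbound test alert","severity":3}}
{"timestamp":"2017-10-05T17:06:03.000000+0700","flow_id":5,"event_type":"al"""


def parse_eve(lines):
    """Yield parsed EVE records, skipping blank lines and a truncated tail line."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # partial record still being written by Suricata


def summarize(records):
    """Count records per event_type and track the newest alert timestamp."""
    counts = Counter()
    latest_alert = None
    for rec in records:
        etype = rec.get("event_type", "unknown")
        counts[etype] += 1
        if etype == "alert":
            ts = datetime.strptime(rec["timestamp"], EVE_TS_FMT)
            if latest_alert is None or ts > latest_alert:
                latest_alert = ts
    return counts, latest_alert


def diagnose(counts, latest_alert, now, max_age=timedelta(minutes=5)):
    """Turn the summary into the checks a SELKS user should make next."""
    findings = []
    if sum(counts.values()) == 0:
        findings.append("eve.json has no parseable events: check the eve-log output "
                        "in suricata.yaml and the file permissions")
        return findings
    if counts.get("alert", 0) == 0:
        findings.append("Suricata writes eve.json but no 'alert' events: enable the "
                        "alert type under the eve-log outputs")
        return findings
    age = now - latest_alert
    if age > max_age:
        findings.append(f"latest alert is {age} old: alerts in eve.json are stale")
    else:
        findings.append("alerts are current in eve.json: if Scirius shows nothing, "
                        "check Logstash and Elasticsearch next")
    return findings


def check_elasticsearch(base_url="http://localhost:9200", index_pattern="logstash-*"):
    """Count documents ES holds for the index pattern Logstash writes.

    Assumes a local ES and the SELKS-era 'logstash-*' pattern; raises on failure.
    """
    with urllib.request.urlopen(f"{base_url}/{index_pattern}/_count", timeout=5) as resp:
        return json.load(resp)["count"]


def run_sample(now_str="2017-10-05T17:07:00.000000+0700"):
    """Run the diagnostic over the constructed sample with a fixed 'now'."""
    now = datetime.strptime(now_str, EVE_TS_FMT)
    counts, latest = summarize(parse_eve(SAMPLE_EVE.splitlines()))
    return counts, latest, diagnose(counts, latest, now)


if __name__ == "__main__":
    # On a real box: summarize(parse_eve(open("/var/log/suricata/eve.json")))
    counts, latest, findings = run_sample()
    print(dict(counts), latest)
    for f in findings:
        print("-", f)
```

If eve.json looks healthy, `check_elasticsearch()` shows whether documents are reaching ES at all; a count that stays flat while eve.json grows points at Logstash, which is a different problem from Scirius itself.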

keetawat commented 7 years ago

Dear Mr. Peter,

Thank you for your reply. Both logs are in place, but I think this is because of the performance of the server. I am running on 16 GB RAM, a 1 TB RAID-0 SSD and a 1 Gbps data rate.

Do you think this is enough to meet the system requirements?

Please consider.

Sincerely Yours,

Keetawat (Kui) Chaichompoo


pevma commented 7 years ago

Are you using SELKS or just Scirius standalone?


keetawat commented 7 years ago

Dear Mr. Peter,

I'm using SELKS and running the pcap capture.

Thank you very much.

pevma commented 7 years ago

With regards to the no graph display in Scirius:

With regards to the system requirements: what NIC/CPUs do you have?
You would need more RAM for Elasticsearch, I think.
What I can suggest is to do a test run/PoC; that will give a very good idea, I think, about the HW needed.

regit commented 6 years ago

No feedback, closed.