TravisFSmith / SweetSecurity

Network Security Monitoring on Raspberry Pi type devices
Apache License 2.0
777 stars 190 forks

Sensor only install #14

Closed buckshome closed 7 years ago

buckshome commented 7 years ago

Just read your IDS article on tripwire.com and decided to give it a shot since I had a spare Raspberry Pi 3 lying around. It looks like from the code that if you choose option 2 (sensor only), it tries to connect to Elasticsearch during the Logstash installation process, but Elasticsearch doesn't install for option 2. It tries to connect 10 times and then exits. I'm not a programmer, so forgive me if this is way off. Looks like you just updated the files, so maybe you're still working out some bugs.

gNyan commented 7 years ago

That's by design, I believe. Option 2 assumes that you already have a server installed on another device (Pi or otherwise), which will have Elasticsearch running. The script is trying to connect to that server. Just be mindful to insert the same Elasticsearch user and password on the client "setup" that you used on the server.

If you only have the 1 Pi to use, you should choose option 1.

buckshome commented 7 years ago

Excellent, that worked. Thanks.