TravisFSmith / SweetSecurity

Network Security Monitoring on Raspberry Pi type devices
Apache License 2.0
777 stars 190 forks

Not receiving alerts in Kibana #18

Open joesypula opened 7 years ago

joesypula commented 7 years ago

Hello!

I appreciate you putting this together. I do have a quick question.

I ran the "sensor only" install on my Raspberry Pi 3 and the "webserver only" on my Linux box. It seemed to install correctly but I am not seeing any alerts coming into Kibana. How can I ensure that they are talking to each other? I apologize if this is a stupid question, I am new to this.

Thank you

buckshome commented 7 years ago

I'm also trying this out at home. I've done a few sensor installs on Pi3s. The logstash install on the sensor talks to elasticsearch on the web server. Then Kibana sits over top of elasticsearch to provide the fancy pants graphics. I've found that the sensor installation will fail out if logstash can't communicate with elasticsearch on your web server so communication is probably OK. If you log into the SweetSecurity dashboard on your web server, it will tell you the status of your sensor. (https://[webserver IP])

joesypula commented 7 years ago

Ok thank you for the help

TravisFSmith commented 7 years ago

Take a look at the presentation PDF file in the root directory of the repo; it provides some visualizations of the high-level architecture of everything. To ensure that everything is talking correctly, go to https://[webserver IP]/settings. This will tell you the status of the web server and sensor services. If something is off, it should be highlighted here.

If the Sweet Security client service is working correctly, you should see devices appear on the home page of the web server. If you go to Kibana (https://[webserver IP]:5602), you should see logs in the 'logstash-*' index, which will be an indication that Logstash is communicating with Elasticsearch correctly.

If any of the above seems off, let me know and I can help get your system up and running correctly.
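The 'logstash-*' check described in the comment above can also be made against Elasticsearch directly. The following is an added example, not part of the thread or of SweetSecurity's code; it goes one step further than "the index exists" by checking that events are recent. It assumes Logstash's default daily index names (`logstash-YYYY.MM.dd`) and that the Elasticsearch REST API is reachable on its default port 9200; the sample data is constructed.

```python
import json
from datetime import date, datetime

# Constructed sample of GET /_cat/indices/logstash-*?format=json output
# (not captured from a real SweetSecurity install).
SAMPLE = json.dumps([
    {"health": "yellow", "status": "open", "index": "logstash-2017.07.30", "docs.count": "1841"},
    {"health": "yellow", "status": "open", "index": "logstash-2017.07.31", "docs.count": "0"},
    {"health": "green", "status": "open", "index": ".kibana", "docs.count": "3"},
])

def check_logstash(cat_json, today, max_age_days=1):
    """Summarise whether Logstash is currently writing events to Elasticsearch."""
    newest, total = None, 0
    for row in json.loads(cat_json):
        name = row.get("index", "")
        if not name.startswith("logstash-"):
            continue  # ignore .kibana and other indices
        try:
            day = datetime.strptime(name[len("logstash-"):], "%Y.%m.%d").date()
        except ValueError:
            continue  # not a daily Logstash index
        docs = int(row.get("docs.count") or 0)  # closed indices report null
        total += docs
        # An empty index proves nothing, so only count days that hold events.
        if docs > 0 and (newest is None or day > newest):
            newest = day
    if newest is None:
        return {"state": "no-data", "total_docs": total, "newest": None}
    age = (today - newest).days
    state = "ok" if age <= max_age_days else "stale"
    return {"state": state, "total_docs": total, "newest": newest.isoformat()}

def fetch(base_url):
    """Fetch live data; base_url such as http://127.0.0.1:9200 is an assumption."""
    from urllib.request import urlopen
    with urlopen(base_url + "/_cat/indices/logstash-*?format=json", timeout=5) as r:
        return r.read().decode()

if __name__ == "__main__":
    print(check_logstash(SAMPLE, today=date(2017, 7, 31)))
```

A result of `no-data` points at the sensor-to-Elasticsearch path, while `stale` means events arrived in the past but the sensor has since stopped shipping.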

joesypula commented 7 years ago

Thanks for the response! I appreciate the help
