jasonish
commented
1 year ago How are you adding events to your database?
Closed ngms17 closed 1 year ago
jasonish
commented
1 year ago How are you adding events to your database?
vvperedery
commented
1 year ago I have the same question. I am using Suricata and ELK. NO Filebeat
ngms17
commented
1 year ago Hi am sending the logs to ES via Filebeat (Suricata module) and i am running evebox server against my ES host to fetch the events
jasonish
commented
1 year ago GeoIP data should be added by the log processor. So in these cases either Logstash or Filebeat.
If the geoip is being added, but just not being displayed by EveBox, send me an event sample in JSON and I'll take a look.
ngms17
commented
1 year ago How can i send it to you on private?
vvperedery
commented
1 year ago 
I'm talking about this panel in evebox. How to make it work? Screenshot is from working stamus selks.
GeoIP in Logstash works fine, thanks for your reply
jasonish
commented
1 year ago How can i send it to you on private?
My email should be visible on my GitHub profile if you want to verify, but email to ish@unx.ca works.
ngms17
commented
1 year ago Any news?
jasonish
commented
1 year ago Any news?
Not really. I have ECS events now in my Elastic and see the geo ip.. Won't be hard to add now. Next week or 2 as I'm travelling this week.
jasonish
commented
1 year ago Looking at something like this for ECS provided GeoIP...
ngms17
commented
1 year ago Thank you! Seems perfect. Waiting for any updates
jasonish
commented
1 year ago You can give the latest development build a try: https://evebox.org/files/development/
How can i get evebox to show me the GeoIP section when i look into a event/alert log?
I already have the geoIP databases on my server.
Thank you.