opc40772 / suricata-graylog

GNU General Public License v3.0

Can't Import the Content Pack #1

Open JSylvia007 opened 5 years ago

JSylvia007 commented 5 years ago

Howdy! So after the success of the pfSense dashboard that you provided, I figured I would try the Suricata one, especially after what I learned from the pfSense one.

The issue is, I can't get past the content pack piece... I am able to upload it, but I can't apply it. When I try to apply it, I get an error telling me to check the logs. This is an export of the log:

2018-09-27T23:32:09.037-04:00 INFO  [InputStateListener] Input [Beats/5a9b0dd0687cf800d1ef207c] is now STARTING
2018-09-27T23:32:09.040-04:00 ERROR [BundleImporter] Error while creating entities in content pack. Starting rollback.
com.mongodb.DuplicateKeyException: Write failed with error code 11000 and error message 'E11000 duplicate key error collection: graylog.lut_caches index: name_1 dup key: { : "cache-service-port" }'
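The E11000 line above says MongoDB's unique index on the name field of the lut_caches collection rejected a lookup cache called cache-service-port, so the BundleImporter rolled back the whole import. The usual reason is that a pack installed earlier already created a cache with that name (the pfSense pack mentioned above is a plausible candidate, but that is an assumption). The following is an added example, not code from the repository or from anyone in this thread: it checks a content pack for such name collisions before you upload it and renames the colliding entities so the import creates new caches and tables instead of aborting. The two JSON layouts it understands (the Graylog 3 "entities" list with typed values, and the older per-type top-level lists) and both sample packs are my own constructions; the set of names already on the server is what you read off System > Lookup Tables and pass in.

```python
import json

# Constructed sample in the Graylog 3 content pack layout ("v": "1", an
# "entities" list, typed values). The layout is my reading of that format,
# not copied from the repository's pack. In this layout a table's link to its
# cache goes by entity id rather than by name (my understanding), so only the
# name value has to change when a cache is renamed.
SAMPLE_PACK_V3 = json.loads("""
{
  "v": "1", "id": "content-pack-example", "rev": 1, "name": "suricata-example",
  "entities": [
    {"id": "e1", "type": {"name": "lookup_cache", "version": "1"},
     "data": {"name": {"@type": "string", "@value": "cache-service-port"}}},
    {"id": "e2", "type": {"name": "lookup_table", "version": "1"},
     "data": {"name": {"@type": "string", "@value": "service-port-table"}}}
  ]
}
""")

# Constructed sample in the older Graylog 2.x layout: one plain list per entity
# type, and lookup tables referencing caches and adapters by name.
SAMPLE_PACK_V2 = json.loads("""
{
  "name": "suricata-example-legacy",
  "lookup_caches": [{"name": "cache-service-port", "title": "Service port cache"}],
  "lookup_data_adapters": [{"name": "service-port-adapter"}],
  "lookup_tables": [{"name": "service-port-table",
                     "cache_name": "cache-service-port",
                     "data_adapter_name": "service-port-adapter"}]
}
""")

# top-level list key in the legacy layout -> entity type name used in both layouts
LEGACY_LISTS = {"lookup_caches": "lookup_cache",
                "lookup_tables": "lookup_table",
                "lookup_data_adapters": "lookup_adapter"}


def entity_names(pack):
    """Return {entity_type: {name, ...}} for the lookup entities a pack creates."""
    found = {}
    if "entities" in pack:  # Graylog 3 layout
        for ent in pack["entities"]:
            etype = ent.get("type", {}).get("name")
            name = ent.get("data", {}).get("name", {}).get("@value")
            if etype and name:
                found.setdefault(etype, set()).add(name)
    for key, etype in LEGACY_LISTS.items():  # Graylog 2.x layout
        for obj in pack.get(key, []):
            if "name" in obj:
                found.setdefault(etype, set()).add(obj["name"])
    return found


def find_collisions(pack, existing):
    """existing: {entity_type: set of names already on the server}.
    Returns sorted (type, name) pairs that would trip MongoDB's unique name index."""
    return sorted((etype, n) for etype, names in entity_names(pack).items()
                  for n in names & existing.get(etype, set()))


def rename_colliding(pack, existing, suffix="-suricata"):
    """Return a deep copy of pack with suffix appended to every colliding name,
    keeping legacy-layout references (cache_name, data_adapter_name) in step."""
    pack = json.loads(json.dumps(pack))
    clash = set(find_collisions(pack, existing))
    if "entities" in pack:
        for ent in pack["entities"]:
            etype = ent.get("type", {}).get("name")
            name_field = ent.get("data", {}).get("name")
            if name_field and (etype, name_field.get("@value")) in clash:
                name_field["@value"] += suffix
    for key, etype in LEGACY_LISTS.items():
        for obj in pack.get(key, []):
            if (etype, obj.get("name")) in clash:
                obj["name"] += suffix
    for table in pack.get("lookup_tables", []):
        for ref, etype in (("cache_name", "lookup_cache"),
                           ("data_adapter_name", "lookup_adapter")):
            if (etype, table.get(ref)) in clash:
                table[ref] += suffix
    return pack


if __name__ == "__main__":
    # Names already present on the server (constructed; read yours from the UI).
    on_server = {"lookup_cache": {"cache-service-port"}}
    print("collisions:", find_collisions(SAMPLE_PACK_V3, on_server))
    print(json.dumps(rename_colliding(SAMPLE_PACK_V3, on_server), indent=2))
```

Run it against the downloaded pack (json.load the file in place of the samples) and upload the rewritten file; renaming is the safe choice because deleting the existing cache would break whatever pack created it.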
JSylvia007 commented 5 years ago

Any movement on this? It's still not working for me.

JSylvia007 commented 5 years ago

Bump?? Anybody home?

ghost commented 5 years ago

You still stuck on this @JSylvia007?

I found a workaround for it all. I never got his package to work but I did manage to do it manually.

JSylvia007 commented 5 years ago

Hey @pipetennathan... I did get it sorted out the same way. It was a bit of a pain but looking through all the logs helped me to figure it out.

ghost commented 5 years ago

Hey @PipeTenNathan... I did get it sorted out the same way. It was a bit of a pain but looking through all the logs helped me to figure it out.

Did you get beats working over TLS? I did. Posted the method here. https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/11

jimbrzk commented 5 years ago

Hi,

I managed to make a working content pack for Graylog 3 if someone is still interested in it.

content-pack-dd56a523-b5e7-402d-a648-f96d771372cd-1.json.txt

I can't make Grafana make some charts, can somebody help me with it?

robben-ar commented 5 years ago

How would it be manually? Could you share that solution? We would be very grateful. I have worked with ELK but I can't find the Graylog one.

ghost commented 5 years ago

Hi,

I managed to make a working content pack for Graylog 3 if someone is still interested in it.

content-pack-dd56a523-b5e7-402d-a648-f96d771372cd-1.json.txt

I can't make Grafana make some charts, can somebody help me with it?

So for Grafana you'll need to use their Elasticsearch input and ensure all inputs to it are JSON (which is done with a tickbox in Suricata settings in EVE output settings).

On the Graylog server you'll need to:

curl 'localhost:9200/_cat/indices?v'        # this will work
curl "$domainname:9200/_cat/indices?v"      # this will fail (double quotes so $domainname expands)
----
echo 'network.host: 0.0.0.0' >> /etc/elasticsearch/elasticsearch.yml
systemctl restart elasticsearch.service
WAIT LIKE 60 Seconds.

curl "$domainname:9200/_cat/indices?v"      # this NOW will work

curl '192.168.xx.xx:9200/_cat/indices?v'    # this NOW will work

If you have a firewall you will have to add the IP and port to a firewall rule:

firewall-cmd --permanent --add-port=9200/tcp --zone=permitted          # zone 'permitted' must already exist (firewall-cmd --permanent --new-zone=permitted)
firewall-cmd --permanent --add-source=xxx.xxx.xxx.xxx/32 --zone=permitted   # only the Grafana host's address
firewall-cmd --reload

Grafana's Elasticsearch data source only cares about JSON. It ignores everything else.

Hope this helps.
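Binding Elasticsearch to 0.0.0.0 as in the steps above makes it reachable on every interface, and neither Elasticsearch 5.6 nor a 7.x install without X-Pack security enabled authenticates clients, so the firewall rule is doing all of the access control. The added example below, which is mine and not from this thread or the repository, reads an elasticsearch.yml and classifies what network.host exposes, so the change can be checked before and after the restart; the three sample configs are constructed. A narrower setting than 0.0.0.0 is to list the loopback address plus the one LAN address Grafana connects to, which the helper at the end produces.

```python
# Constructed sample configs, not the files from anyone's server.
ES_YML_DEFAULT = "cluster.name: graylog\n# network.host: 192.168.0.1\n"
ES_YML_OPEN = "cluster.name: graylog\nnetwork.host: 0.0.0.0\n"
ES_YML_PINNED = 'cluster.name: graylog\nnetwork.host: ["127.0.0.1", "192.168.10.5"]\n'

# Values that bind every interface; _global_ means all non-loopback, non-site
# addresses and in practice still exposes the node beyond the host.
ALL_INTERFACES = {"0.0.0.0", "::", "_global_"}
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def network_hosts(yml_text):
    """Return the values set for network.host (empty list when unset or commented out).
    Only the flat 'network.host: value' and 'network.host: [a, b]' forms are parsed,
    which is how the setting is normally written in elasticsearch.yml."""
    for raw in yml_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("network.host"):
            continue
        _, _, value = line.partition(":")
        value = value.strip()
        if value.startswith("["):
            inner = value.strip("[]")
            return [v.strip().strip("\"'") for v in inner.split(",") if v.strip()]
        return [value.strip("\"'")] if value else []
    return []


def exposure(yml_text):
    """Classify the bind: loopback-only (ES default), all-interfaces, or
    specific-addresses (a deliberate list of IPs or _site_)."""
    hosts = network_hosts(yml_text) or ["_local_"]  # ES binds loopback when unset
    if any(h in ALL_INTERFACES for h in hosts):
        return "all-interfaces"
    if all(h in LOOPBACK for h in hosts):
        return "loopback-only"
    return "specific-addresses"


def pinned_host_line(lan_ip):
    """The line to append instead of 0.0.0.0: loopback for Graylog on the same
    host, plus the single LAN address that Grafana should reach."""
    return 'network.host: ["127.0.0.1", "%s"]' % lan_ip


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/elasticsearch/elasticsearch.yml"
    with open(path) as fh:
        text = fh.read()
    print(path, "->", exposure(text), network_hosts(text))
```

Even with the pinned form, keep the source-restricted firewall rule; the bind address limits which interface answers, the firewall limits who may talk to it.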

TDJ211 commented 5 years ago

Thanks kubala156, I was able to import your revised content pack.

But now I'm stuck on adding the custom Suricata-elastic-template in elasticsearch Brain. In the instructions, it appears he accesses the Elasticsearch GUI. How do I access that? Is it the same IP and a different port number? Or is it something that is done from the CLI?

robben-ar commented 5 years ago

Thanks kubala156, I was able to import your revised content pack.

But now I'm stuck on adding the custom Suricata-elastic-template in elasticsearch Brain. In the instructions, it appears he accesses the Elasticsearch GUI. How do I access that? Is it the same IP and a different port number? Or is it something that is done from the CLI?

You can do that with Cerebro: https://github.com/lmenezes/cerebro

I could import the Content Pack and import the template but I still cannot copy the geo_point fields. So grafana is not able to graph the points on the map :(

Could someone import the templates well? I am using Elasticsearch 5.6. I hope we can make good huntings.-

TDJ211 commented 5 years ago

Thanks kubala156, I was able to import your revised content pack. But now I'm stuck on adding the custom Suricata-elastic-template in elasticsearch Brain. In the instructions, it appears he accesses the Elasticsearch GUI. How do I access that? Is it the same IP and a different port number? Or is it something that is done from the CLI?

You can do that with Cerebro: https://github.com/lmenezes/cerebro

I could import the Content Pack and import the template but I still cannot copy the geo_point fields. So grafana is not able to graph the points on the map :(

Could someone import the templates well? I am using Elasticsearch 5.6. I hope we can make good huntings.-

Thanks for the assist. I eventually got Cerebro up, but now it's giving me an error when trying to import the new template. I just copied and pasted and it's giving me an error.

robben-ar commented 5 years ago

Thanks kubala156, I was able to import your revised content pack. But now I'm stuck on adding the custom Suricata-elastic-template in elasticsearch Brain. In the instructions, it appears he accesses the Elasticsearch GUI. How do I access that? Is it the same IP and a different port number? Or is it something that is done from the CLI?

You can do that with Cerebro: https://github.com/lmenezes/cerebro

I could import the Content Pack and import the template but I still cannot copy the geo_point fields. So grafana is not able to graph the points on the map :(

Could someone import the templates well? I am using Elasticsearch 5.6. I hope we can make good huntings.-

Thanks for the assist. I eventually got Cerebro up, but now it's giving me an error when trying to import the new template. I just copied and pasted and it's giving me an error.

In this Youtube channel, it explains in a very simple way the installation and configuration of Graylog and Grafana: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

If someone could solve the geo_point issue please let us know.

Regards.-

flotpg commented 2 years ago

I also can't import the template: "Error creating template"

elasticsearch: 7.10.2
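The geo_point question from robben-ar (on Elasticsearch 5.6) and the "Error creating template" from flotpg (on 7.10.2) both turn on what a legacy index template body has to look like for a given Elasticsearch major version, and on the fact that a template only shapes indices created after it is stored. The following is an added example, mine and not the repository's template or anything posted in this thread: it builds a body for PUT _template/<name> that types fields as geo_point for ES 5.x, 6.x or 7.x, lists the geo_point fields a template actually declares, flags the typed-mapping form that 7.x rejects unless include_type_name=true is passed, and checks which index names the pattern covers. The field names src_geo_point and dest_geo_point and the pattern graylog_* are placeholders; the repository's real field names and template are not on this page. The mapping type "message" is the one Graylog uses for its own template on ES 5 and 6.

```python
import fnmatch
import json


def build_geo_template(index_pattern, geo_fields, es_major):
    """Legacy index template body with the given fields mapped as geo_point.
    ES 5.x: pattern in "template", mapping under a type name.
    ES 6.x: pattern in "index_patterns", mapping still under a type name.
    ES 7.x: "index_patterns" and a typeless mapping.
    "order" must exceed Graylog's own template so this mapping wins on merge."""
    props = {f: {"type": "geo_point"} for f in geo_fields}
    if es_major <= 5:
        return {"template": index_pattern, "order": 1,
                "mappings": {"message": {"properties": props}}}
    if es_major == 6:
        return {"index_patterns": [index_pattern], "order": 1,
                "mappings": {"message": {"properties": props}}}
    return {"index_patterns": [index_pattern], "order": 1,
            "mappings": {"properties": props}}


def has_type_name(template):
    """True when the mapping is nested under a type name; 7.x rejects that
    form on PUT _template unless include_type_name=true is given."""
    mappings = template.get("mappings", {})
    return bool(mappings) and "properties" not in mappings


def geo_point_fields(template):
    """Dotted paths of every field the template maps as geo_point, so you can
    confirm the body says what you think before storing it."""
    mappings = template.get("mappings", {})
    roots = list(mappings.values()) if has_type_name(template) else [mappings]
    found = []

    def walk(props, prefix):
        for name, spec in props.items():
            path = prefix + name
            if spec.get("type") == "geo_point":
                found.append(path)
            if "properties" in spec:  # object field: recurse
                walk(spec["properties"], path + ".")

    for root in roots:
        walk(root.get("properties", {}), "")
    return sorted(found)


def matches_index(template, index_name):
    """Whether the template's pattern(s) cover a concrete index name such as graylog_12."""
    patterns = template.get("index_patterns") or [template.get("template", "")]
    return any(fnmatch.fnmatchcase(index_name, p) for p in patterns)


if __name__ == "__main__":
    # Placeholder field names; substitute the fields your pipeline actually writes.
    body = build_geo_template("graylog_*", ["src_geo_point", "dest_geo_point"], 7)
    print(json.dumps(body, indent=2))
    print("geo_point fields:", geo_point_fields(body))
    print("typed mapping (would need include_type_name on 7.x):", has_type_name(body))
```

Storing the template does not touch the index Graylog is currently writing to, and existing documents are never remapped, which is why copying geo_point values into an already-created index fails: after the PUT, rotate the active write index from Graylog's index set maintenance so the next graylog_N index is created with the new mapping, and make sure the pipeline writes the field in a form geo_point accepts (for example the "lat,lon" string Graylog's GeoIP lookup produces).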