outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License
2.35k stars 371 forks

Implant.log_file not showing c2logs #264

Closed m7x closed 2 years ago

m7x commented 2 years ago

Hi

First of all, great tool!

It looks like the implant.log_file field in Kibana is correctly populated; however, nginx can't load the log file because it isn't there. Looking at the code, it looks like the cron job (which was responsible for transferring the logs into the web root) has been commented out:

https://github.com/outflanknl/RedELK/blob/master/elkserver/mounts/redelk-config/etc/cron.d/redelk#L15

Can I just re-enable that cron script and run it within the container? Would that solve the issue?

Thanks

MarcOverIP commented 2 years ago

Yes, you need to modify that line for your specific environment and uncomment. This is as intended ;-)