Open hence4thkingofthenorth opened 2 years ago
I ended up switching to debian so that I could stay up to date with the project's development. You can try the docker version or manual install process if you want to use centos but I don't recommend it unless you are very determined.
Sorry I couldn't be more help
Hi Peter,
Thanks very much for taking the time to respond. The project is impressive and I’m going to continue to work on centos as best I can. I appreciate all the effort you’ve put into the project and if I find it too daunting maybe I’ll switch to Deb. I do have it all up and running (collecting syslogs from pfSense) but I have not gotten the customizations (filters, visualizations, etc.) quite yet. I’ve got it all running on a centos automated build so I can spin up and spin down single node clusters at will.
If I can get everything going I’ll let you know.
Thanks again for reaching out and for your work on the project!
Ryan
On Nov 19, 2021, at 6:37 PM, Peter wrote:
Good evening Peter,
I've struggled enough and have given up on forcefully using centos :-)
I am now running a relatively vanilla install of Ubuntu 20.4, and pfelk that was installed today from the install script. I also installed patterns and dashboards using the scripts, hoping to KISS (keep it simple) my way through it.
I have pfsense set up to send logs over 5140 to my pfsense VM. I can see that dashboards and index patterns have been created, but no data appears: "No results match your search criteria" and "No matching indices found: No indices match pattern "-pfelk-firewall"" are displayed. I can see that datagrams are being sent from the firewall to the pfsense VM.
I was hoping you might have some troubleshooting suggestions or pointers as to where I might find the issue?
Thanks very much for your help and your work on the project!
Ryan
On Sat, Nov 20, 2021 at 7:41 AM Ryan Revolution wrote:
the following endpoints are unreachable (404 not found):
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/01-inputs.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/05-syslog.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/10-pf.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/11-firewall.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/50-outputs.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/12-suricata.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/13-snort.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/15-others.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/patterns/pf-09.2019.grok
There is another pfelk project on GitHub, but it is for Ubuntu (I would really prefer CentOS) and does not have the same filenames. I'm unsure of what to copy or where to get it. Please help :-)