
Suricata install on Ubuntu 20.04

Status: Open. admiralmor opened this issue 4 years ago • 7 comments

Hi! Today, for the first time, I tried to install the SELKS components on Ubuntu 20.04. During the installation process there were no special problems, but at the end I can't display the data: the page in EveBox is empty =( Can you tell me the solution, or at least where to look? Using the systemctl command I checked all the services; everything works, everything is normal. I also checked eve.json, and it is being filled in as Suricata runs.

admiralmor, Feb 13 '21 06:02

Some of the SELKS components are Debian only (just FYI, in case you are pulling them from the SELKS repos).

pevma, Feb 13 '21 07:02

> Some of the SELKS components are Debian only (just FYI, in case you are pulling them from the SELKS repos).

No, I used a separate installation for each component, installing and configuring each of them in turn. Would you be able to help me? Nothing is displayed in the EveBox web page.

admiralmor, Feb 13 '21 07:02

I would check users/permissions/Suricata config (SELKS has a specific setup on that part), plus: https://github.com/StamusNetworks/SELKS/blob/master/staging/config/hooks/live/chroot-inside-Debian-Live.hook.chroot

pevma, Feb 13 '21 07:02
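The two things pevma points at (file permissions and the Suricata output itself) can be checked before touching Logstash or Elasticsearch. The script below is an added example for this thread, not code from SELKS or from either participant. It assumes the shipper runs as a user named `logstash` and reads `/var/log/suricata/eve.json` (both are assumptions; adjust for your install), and the sample EVE lines are constructed, with one line deliberately truncated to show how a partially written record is reported.

```python
"""Triage helper for an empty EveBox/Kibana view: check that Suricata's
eve.json is readable by the log shipper's user and that it contains one
well-formed JSON object per line (NDJSON), which is what a json codec
in Logstash expects. Added example; paths and user names are assumed."""
import json
import os
import pwd
import grp
import stat
from collections import Counter

# Constructed sample of what Suricata writes to eve.json. The third line
# is intentionally cut off to mimic a partially written record.
SAMPLE_EVE = (
    '{"timestamp":"2021-02-13T06:02:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","alert":{"signature":"test"}}\n'
    '{"timestamp":"2021-02-13T06:02:01.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5"}\n'
    '{"timestamp":"2021-02-13T06:02:02.000000+0000","event_type":"dns","src_ip"\n'
    '{"timestamp":"2021-02-13T06:02:03.000000+0000","event_type":"stats"}\n'
)


def summarize_eve(text):
    """Count events per event_type and the number of lines that are not
    valid JSON. A non-zero malformed count means the shipper will drop
    (or choke on) those lines, so the dashboard can look emptier than
    the file size suggests."""
    counts = Counter()
    malformed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:
            malformed += 1
            continue
        counts[event.get("event_type", "<missing>")] += 1
    return {"events": dict(counts), "malformed": malformed}


def mode_allows_read(mode, file_uid, file_gid, uid, gids):
    """Classic Unix read check: owner bit if the user owns the file,
    group bit if the file's group is one of the user's groups, else the
    'other' bit. root always passes. ACLs and capabilities are ignored."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def check_eve_readable(path, username):
    """Resolve `username` to uid and all of its gids on this host and ask
    whether it could open `path` for reading."""
    st = os.stat(path)
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return mode_allows_read(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)


if __name__ == "__main__":
    import sys
    # Assumed defaults; pass your own path and shipper user on the command line.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/suricata/eve.json"
    user = sys.argv[2] if len(sys.argv) > 2 else "logstash"
    print("%s readable by %s: %s" % (path, user, check_eve_readable(path, user)))
    with open(path, encoding="utf-8", errors="replace") as fh:
        print(summarize_eve(fh.read()))
```

If the file is readable by the shipper's user and the malformed count is zero, the Suricata side is fine and the gap is between the shipper and Elasticsearch (pipeline config, index names, or the index pattern EveBox/Kibana queries). If it is not readable, the fix is on the users/groups side, which is exactly the part SELKS sets up in the hook pevma links.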

> I would check users/permissions/Suricata config (SELKS has a specific setup on that part), plus: https://github.com/StamusNetworks/SELKS/blob/master/staging/config/hooks/live/chroot-inside-Debian-Live.hook.chroot

Is it possible that I am using the wrong configuration file? Can I use this configuration file on my system? https://github.com/StamusNetworks/SELKS/blob/master/staging/etc/logstash/conf.d/logstash.conf

admiralmor, Feb 13 '21 08:02

The configs in SELKS are actually what makes the whole stack stick together and communicate. If you just pick up one config file it would probably not be enough; you would need to make the specific adjustments too.

pevma, Feb 13 '21 08:02

Maybe you know a good guide for installing Suricata + ELK on Ubuntu? This is already the third guide I have used for the install, and I do not succeed.

> The configs in SELKS are actually what makes the whole stack stick together and communicate. If you just pick up one config file it would probably not be enough; you would need to make the specific adjustments too.

admiralmor, Feb 13 '21 08:02

If I don't set up this system by Monday my teacher will be furious =(

admiralmor, Feb 13 '21 08:02