SweetSecurity

Not receiving alerts in Kibana

Open joesypula opened this issue 8 years ago • 4 comments

Hello!

I appreciate you putting this together. I do have a quick question.

I ran the "sensor only" install on my Raspberry Pi 3 and the "webserver only" on my Linux box. It seemed to install correctly but I am not seeing any alerts coming into Kibana. How can I ensure that they are talking to each other? I apologize if this is a stupid question; I am new to this.

Thank you

joesypula avatar Jul 28 '17 19:07 joesypula

I'm also trying this out at home. I've done a few sensor installs on Pi3s. The logstash install on the sensor talks to elasticsearch on the web server. Then Kibana sits over top of elasticsearch to provide the fancy pants graphics. I've found that the sensor installation will fail out if logstash can't communicate with elasticsearch on your web server so communication is probably OK. If you log into the SweetSecurity dashboard on your web server, it will tell you the status of your sensor. (https://[webserver IP])

buckshome avatar Jul 29 '17 16:07 buckshome

Ok thank you for the help

joesypula avatar Jul 31 '17 15:07 joesypula

Take a look at the presentation PDF file in the root directory of the repo; it provides some visualizations of the high-level architecture of everything. To ensure that everything is talking correctly, go to https://[webserver IP]/settings. This will tell you the status of the web server and sensor services. If something is off, it should be highlighted here.

If the sweet security client service is working correctly, you should see devices appear on the home page of the web server. If you go to Kibana (https://[webserver IP]:5602), you should see logs in the 'logstash-*' index, which will be an indication that logstash is communicating to elasticsearch correctly.

If any of the above seems off, let me know and I can help get your system up and running correctly.

TravisFSmith avatar Jul 31 '17 16:07 TravisFSmith
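The 'logstash-*' check from the comment above can also be done against Elasticsearch's `_cat/indices` API instead of the Kibana UI. The following is an added example, not code from the SweetSecurity project; it assumes Logstash's default daily index naming (`logstash-YYYY.MM.dd`), the Elasticsearch URL passed to `fetch_indices` is an assumption that depends on your install, and the sample JSON is constructed.

```python
import json
from datetime import date, datetime
from urllib.request import urlopen

# Constructed sample of the JSON returned by
# GET /_cat/indices/logstash-*?format=json (not output from a real system).
SAMPLE = """[
  {"health": "yellow", "status": "open", "index": "logstash-2017.07.29", "docs.count": "1842"},
  {"health": "yellow", "status": "open", "index": "logstash-2017.07.31", "docs.count": "0"}
]"""

def fetch_indices(es_url):
    """Fetch the index listing; es_url is an assumption, e.g. http://localhost:9200."""
    with urlopen(es_url + "/_cat/indices/logstash-*?format=json", timeout=5) as resp:
        return resp.read().decode()

def sensor_log_status(cat_json, today, max_age_days=1):
    """Classify the logstash-* indices as 'missing', 'empty', 'stale' or 'ok'."""
    newest_with_docs = None
    seen = False
    for row in json.loads(cat_json):
        name = row.get("index", "")
        try:
            day = datetime.strptime(name, "logstash-%Y.%m.%d").date()
        except ValueError:
            continue  # not a daily Logstash index
        seen = True
        # docs.count is null for closed indices, so treat that as zero
        if int(row.get("docs.count") or 0) > 0:
            if newest_with_docs is None or day > newest_with_docs:
                newest_with_docs = day
    if not seen:
        return "missing"   # Logstash has never created an index
    if newest_with_docs is None:
        return "empty"     # indices exist but hold no events
    if (today - newest_with_docs).days > max_age_days:
        return "stale"     # events stopped arriving
    return "ok"

if __name__ == "__main__":
    print(sensor_log_status(SAMPLE, date(2017, 7, 31)))
```

A result of "missing" or "empty" points at the sensor's Logstash output; "stale" means events reached Elasticsearch at some point and then stopped.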

Thanks for the response! I appreciate the help


joesypula avatar Aug 03 '17 19:08 joesypula