nessusbeat icon indicating copy to clipboard operation
nessusbeat copied to clipboard

Published 20 hours ago verified publisher icon darvid

Problems to get Nessusbeat working

Open TomiES opened this issue 7 years ago • 3 comments

Hi I tried to get Nessusbeat working in Elasticsearch 5.5.2 environment. Unfortunately Index isn't created. Errormessage in logs was caused by trying to download Kibana sample dashboard. . Is this version of compatible with ES 6.x only ?

Thanks

017-08-30T15:12:46+03:00 DBG Disable stderr logging 2017-08-30T15:12:46+03:00 INFO Home path: [/opt/nessusbeat] Config path: [/opt/nessusbeat] Data path: [/opt/nessusbeat/data] Logs path: [/opt/nessusbeat/logs] 2017-08-30T15:12:46+03:00 INFO Beat metadata path: /opt/nessusbeat/data/meta.json 2017-08-30T15:12:46+03:00 INFO Beat UUID: 6339346f-2085-4ee4-8025-2a609cdb88c8 2017-08-30T15:12:46+03:00 INFO Setup Beat: nessusbeat; Version: 6.0.0-alpha3 2017-08-30T15:12:46+03:00 DBG Processors: 2017-08-30T15:12:46+03:00 DBG Initializing output plugins 2017-08-30T15:12:46+03:00 INFO Elasticsearch url: http://127.0.0.1:9200 2017-08-30T15:12:46+03:00 INFO Activated elasticsearch as output plugin. 2017-08-30T15:12:46+03:00 DBG Create output worker 2017-08-30T15:12:46+03:00 INFO Publisher name: nessusbeat 2017-08-30T15:12:46+03:00 INFO Metrics logging every 30s 2017-08-30T15:12:46+03:00 INFO Flush Interval set to: 1s 2017-08-30T15:12:46+03:00 INFO Max Bulk Size set to: 50 2017-08-30T15:12:46+03:00 DBG create bulk processing worker (interval=1s, bulk size=50) 2017-08-30T15:12:46+03:00 INFO Elasticsearch url: http://127.0.0.1:9200 2017-08-30T15:12:46+03:00 DBG ES Ping(url=http://127.0.0.1:9200, timeout=1m30s) 2017-08-30T15:12:46+03:00 DBG Ping status code: 200 2017-08-30T15:12:46+03:00 INFO Connected to Elasticsearch version 5.5.2 2017-08-30T15:12:46+03:00 DBG HEAD http://127.0.0.1:9200/.kibana 2017-08-30T15:12:46+03:00 DBG Created temporary directory /tmp/tmp835441651 2017-08-30T15:12:46+03:00 DBG Downloading https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-6.0.0-alpha3.zip 2017-08-30T15:12:47+03:00 CRIT Exiting: Error importing Kibana dashboards: Error importing URL/file: Failed to down

TomiES avatar Aug 30 '17 12:08 TomiES

I use Nessusbeat with ES 5.5.x, so it should work. Could I see your nessusbeat config file please?

darvid avatar Aug 30 '17 12:08 darvid

Here is content of nessusbeat.yml. I have tried other beats with local ES so connection is working.

-Tomi

################### Nessusbeat Configuration Example #########################

############################# Nessusbeat ######################################

nessusbeat: report_path: /opt/nessus/var/nessus/users/admin/reports #cacert_path: #api_url: #api_username: #api_password: #timestamp_fields:

name: nessusbeat

#================================ General =====================================

The name of the shipper that publishes the network data. It can be used to group

all the transactions sent by a single shipper in the web interface.

#name:

The tags of the shipper are included in their own field with each

transaction published.

#tags: ["service-X", "web-tier"]

Optional fields that you can specify to add additional information to the

output.

#fields:

env: staging

#================================ Outputs =====================================

Configure what outputs to use when sending the data collected by the beat.

Multiple outputs may be used.

#-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: hosts: ["127.0.0.1:9200"]

Optional protocol and basic auth credentials.

#protocol: "https" #username: "elastic" #password: "changeme"

#----------------------------- Logstash output -------------------------------- #output.logstash:

The Logstash hosts

hosts: ["localhost:5044"]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

Sets log level. The default log level is info.

Available log levels are: critical, error, warning, info, debug

logging.level: debug

At debug level, you can selectively enable logging only for some components.

To enable all selectors use ["*"]. Examples of other selectors are "beat",

"publish", "service".

logging.selectors: ["*"]

From: David Gidwani [mailto:[email protected]] Sent: keskiviikko 30. elokuuta 2017 15.54 To: darvid/nessusbeat [email protected] Cc: Tomi Simonen [email protected]; Author [email protected] Subject: Re: [darvid/nessusbeat] Problems to get Nessusbeat working (#3)

I use Nessusbeat with ES 5.5.x, so it should work. Could I see your nessusbeat config file please?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/darvid/nessusbeat/issues/3#issuecomment-325980757, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AeBKZXYCw1fQcY0TqbA3Sb9BTgYUgsW0ks5sdVtQgaJpZM4PHTcK.

TomiES avatar Aug 31 '17 06:08 TomiES

Can you try adding setup.dashboards.enabled: false to the config?

darvid avatar Aug 31 '17 13:08 darvid