Results 622 comments of Peter Manev

Can you describe a bit more about your setup - is it ELK5/6? The data I meant the data in the logfile that is getting shipped (eve.json) for...

Are you with 3hr time diff from UTC?

Can you try changing the default time zone for the selks user and see if that will have the desired effect? (From manage accounts, then select edit and adjust the...

Seems we need to adjust that indeed. @regit thoughts?

Hi, you mean the SELKS ISO, correct? If everything is flowing correctly, you may need to refresh and select a different time span on the dashboards?

If you have info in the dashboards it would mean that the log flow is working - which is good news. Did you do the initial setup as described...

It seems the logs are working as expected. The fact that you don't see alerts does not mean it is not working actually :) - but you are right --...

World map results should be there as soon as you have alerts with public IPs. Is that the case?

In Scirius - can you try the upper left corner (Stamus icon) - drop-down menu - choose a dashboard?

SELKS uses Suricata and its better features available - the eve.json log file being one of those. Suricata's configuration does not have the legacy `fast.log` enabled, as the JSON format...