Peter Manev
Actually - all logs generated by Suricata are in ``/var/log/suricata/eve.json``. You have different types and the alerts are `"event_type": "alert"`. From there they get transferred by logstash to elasticsearch and...
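As an added illustration of the point above (example code written for this page, not code from Peter Manev, SELKS or Suricata): ``eve.json`` is one JSON object per line, every event carries an ``event_type``, and alerts are the ones with ``"event_type": "alert"``. The script below reads EVE lines, keeps only the alert events, and summarises them by signature and source IP. It also skips non-JSON lines, which the post does not mention but which a practitioner tailing a file that Suricata is still writing will hit. The sample lines, including the signature ids and addresses, are constructed for the example.

```python
import json
from collections import Counter

# Constructed sample EVE JSON lines (not from a real sensor). The field layout
# follows Suricata's eve.json format: one JSON object per line, each with an
# "event_type", and alert events carrying a nested "alert" object.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2020-01-01T10:00:00.000000+0000","flow_id":1,"event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    '{"timestamp":"2020-01-01T10:00:01.000000+0000","flow_id":2,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2020-01-01T10:00:02.000000+0000","flow_id":3,"event_type":"http",'
    '"src_ip":"10.0.0.5","dest_ip":"203.0.113.7","http":{"hostname":"example.com","url":"/"}}',
    # A truncated/partial line, as seen when reading a file Suricata is still writing.
    '{"timestamp":"2020-01-01T10:00:02.500000+0000","flow_id":3,"event_ty',
    '{"timestamp":"2020-01-01T10:00:03.000000+0000","flow_id":4,"event_type":"alert",'
    '"src_ip":"10.0.0.8","src_port":44000,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2020-01-01T10:00:04.000000+0000","flow_id":5,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51300,"dest_ip":"198.51.100.2","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,'
    '"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2}}',
]


def iter_eve_events(lines, event_type=None):
    """Yield parsed EVE events from an iterable of lines.

    Blank lines and lines that are not valid JSON (e.g. a half-written last
    line) are skipped instead of aborting the run. If event_type is given,
    only events of that type are yielded.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict):
            continue
        if event_type is None or event.get("event_type") == event_type:
            yield event


def alerts(lines):
    """Return only the alert events, i.e. those with "event_type": "alert"."""
    return list(iter_eve_events(lines, event_type="alert"))


def summarize_alerts(events):
    """Count alerts per (gid, sid, signature) and per source IP."""
    by_signature = Counter()
    by_src = Counter()
    for event in events:
        alert = event.get("alert") or {}
        key = (alert.get("gid"), alert.get("signature_id"), alert.get("signature"))
        by_signature[key] += 1
        by_src[event.get("src_ip")] += 1
    return by_signature, by_src


def summarize_file(path="/var/log/suricata/eve.json"):
    """Summarise alerts from an eve.json file on disk (default SELKS/Suricata path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return summarize_alerts(alerts(fh))


if __name__ == "__main__":
    by_signature, by_src = summarize_alerts(alerts(SAMPLE_EVE_LINES))
    print("alerts per signature:")
    for (gid, sid, sig), count in by_signature.most_common():
        print(f"  {count:4d}  [{gid}:{sid}] {sig}")
    print("alerts per source IP:")
    for src, count in by_src.most_common():
        print(f"  {count:4d}  {src}")
```

Run it as-is to see the summary over the constructed sample, or call ``summarize_file()`` on a sensor where ``/var/log/suricata/eve.json`` is readable. The same filter on ``event_type`` is what a logstash pipeline or a Kibana query applies when it shows only alerts, so if alerts are missing in Kibana, checking that ``eve.json`` actually contains ``"event_type":"alert"`` lines is a useful first step.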
Thanks for trying it out! Yes - ``fast.log`` is irrelevant to displaying alerts in Scirius/Elasticsearch/Kibana. For rule updates - there is a cronjob in `/etc/crontab` that updates the rules daily....
Is that SELKS 5.0? It seems like an ``auth`` err - have you done any changes to the default config - I see `http auth` adjustments?
Why did you do the change, what was needed? In SELKS authentication is done via Scirius by default and it works that way - hence my question - is...
What authentication is used on ES, do you have Xpack enabled?
Currently Scirius is in `charge` of authentication and uses a proxy so it is not fully compatible yet with Xpack. To confirm that - can you disable Xpack security /...
It seems it could be a proxy issue - prohibiting the page display
I think you could try in a test setup - fresh install without xpack enabled - to see if you will get the same err?
The certificates are located here - ``/etc/nginx/ssl/`` and they are specified in the config here - ``/etc/nginx/sites-available/``
Yes this applies for SELKS too.