Comments (9)
I personally have not tried it, but I think passing "--enable-prelude" to configure should be enough.
This is how Suricata is configured on SELKS - https://github.com/StamusNetworks/SELKS/wiki/Config-files#suricata - then the suricata.yaml is located here - /etc/suricata/suricata.yaml
Thanks for this answer.
But I must recompile with --enable-prelude, right? I didn't find configure.sh. Or must I just write "yes" instead of "no" in suricata.yaml? Because in the "prelude" section of suricata.yaml it says:
alert output to prelude (http://www.prelude-technologies.com/) only
available if Suricata has been compiled with --enable-prelude
Sorry for these stupid questions, I'm a student and I'm a newbie with IDS and monitoring ^^
Thanks to you
You could use those two guides as a reference:
https://github.com/StamusNetworks/SELKS/wiki/How-to-compile-latest-Suricata-on-SELKS
https://www.prelude-siem.org/projects/prelude/wiki/InstallingAgentThirdpartySuricata
Thank you, but after doing:
git clone git://phalanx.openinfosecfoundation.org/oisf.git \
  && cd oisf && git clone https://github.com/OISF/libhtp.git -b 0.5.x
./autogen.sh
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ \
  --enable-nfqueue --enable-non-bundled-htp --disable-gccmarch-native \
  --enable-geoip --enable-gccprotect \
  --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ \
  --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr \
  --enable-luajit --enable-prelude
service suricata restart
When I go to the Scirius panel page "Suricata":
Unable to get data from Elasticsearch
Why did all my services restart? I also updated, built and pushed the Suricata ruleset, but I always get this error ...
What did I do wrong?
Thanks for the answers :)
Oh, and on the system status, suricata is red and elasticsearch is yellow.
Did you check if Suricata is running?
Yes, I think so:
/etc/init.d/suricata status
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata)
Active: active (exited) since ven. 2015-06-05 11:43:20 CEST; 3min 24s ago
Process: 845 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
juin 05 11:43:16 SELKS suricata[845]: Starting suricata in IDS (af-packet) ...e.
I think what you need to do is stop suricata, delete /var/run/suricata.pid (if any exists), then start suricata.
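The stop / delete-stale-pid / start advice above, and the earlier question of whether --enable-prelude is actually compiled in, as an added example (not code from the thread or the SELKS project). The pid file path and the wording of the `suricata --build-info` output are assumptions; adjust them to your install.

```shell
#!/bin/sh
# Added example, not from the thread or SELKS. Guards the manual fix above:
# only delete /var/run/suricata.pid when it names a process that is gone,
# and check whether the installed binary was built with --enable-prelude.
# PIDFILE default and the build-info wording are assumptions.

PIDFILE="${SURICATA_PIDFILE:-/var/run/suricata.pid}"

# is_running PID: 0 if a process with that pid exists.
# kill -0 fails with EPERM for another user's process, so also look in /proc.
is_running() {
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

# stale_pidfile FILE: 0 if FILE exists but names no live process
# (an empty or non-numeric file counts as stale); 1 otherwise.
stale_pidfile() {
    [ -f "$1" ] || return 1
    pid=$(tr -dc '0-9' < "$1")
    [ -n "$pid" ] || return 0
    is_running "$pid" && return 1
    return 0
}

# clear_stale_pidfile FILE: remove FILE only when it is stale.
# Refuses to delete the pid file of a live Suricata, so it is safe to run
# before every start.
clear_stale_pidfile() {
    stale_pidfile "$1" || return 1
    rm -f "$1"
}

# prelude_compiled_in: 0 if the installed suricata reports Prelude support.
# Tells a build without --enable-prelude apart from a suricata.yaml-only mistake.
prelude_compiled_in() {
    suricata --build-info 2>/dev/null | grep -qi 'prelude support: *yes'
}

# Typical use (the manual steps from the thread, guarded):
#   service suricata stop
#   clear_stale_pidfile "$PIDFILE" && echo "removed stale $PIDFILE"
#   service suricata start
#   prelude_compiled_in || echo "binary lacks prelude support: rebuild"
```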
It works. I re-installed the SELKS iso, because I think the issue was that I touched the suricata.yaml and the prelude configuration before re-compiling. Now I compiled with --enable-prelude and touched the suricata.yaml, and it works. Now I must install Prelude and OSSEC.
Thanks to you, have a nice day!