OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: spetrillo on May 29, 2019, 04:02:02 pm

Title: Front End for Suricata
Post by: spetrillo on May 29, 2019, 04:02:02 pm
Hello all,

Is anyone using a front end web app for Suricata or just using the alert section in the OPNsense gui?

Thanks,
Steve
Title: Re: Front End for Suricata
Post by: BeNe on June 05, 2019, 04:27:01 pm
I'm still using the OPNsense gui. But I will push the events into an ELK-Stack with a Dashboard.
That's the best option in my eyes to get the most out of the logs.
Title: Re: Front End for Suricata
Post by: spetrillo on June 06, 2019, 06:30:19 pm
It seems I am heading down the same path. I am building an ELK stack on a Windows box but how do you push the logs to the other device? Is there a config to tell Suricata to send the logs?
Title: Re: Front End for Suricata
Post by: BeNe on June 06, 2019, 08:17:53 pm
If you use an ELK Stack, you can install Logstash (that's the "L" in ELK) on your OPNsense.
So you can push the needed logs.

Or you can use the default Syslog daemon that comes with OPNsense if you don't want to change too much on your firewall. In Suricata, enable syslog alerts.

There is a Logstash config for OPNsense around from fabian -> https://github.com/fabianfrz/opnsense-logstash-config

For ELK itself, there are already great dashboards for Suricata.
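A Logstash pipeline for the syslog route described in this reply, added here as an illustration; it is not taken from fabianfrz's repository or from OPNsense's own configuration. The listening port, the Elasticsearch host, and the assumption that the forwarded lines are either EVE JSON or fast.log-style text are mine, not the thread's.

```logstash
input {
  # The OPNsense syslog daemon forwards Suricata alerts here (port 5514 is an assumption)
  syslog {
    port => 5514
    type => "suricata"
  }
}

filter {
  if [type] == "suricata" {
    if [message] =~ /^\{/ {
      # eve-log with filetype: syslog ships one JSON event per line; keep it under "suricata"
      json {
        source => "message"
        target => "suricata"
        skip_on_invalid_json => true
      }
    } else {
      # The classic syslog output emits fast.log-style text; pull out signature and 5-tuple
      grok {
        match => { "message" => "\[%{INT:[suricata][gid]}:%{INT:[suricata][sid]}:%{INT:[suricata][rev]}\] %{DATA:[suricata][msg]} \[\*\*\] \[Classification: %{DATA:[suricata][classification]}\] \[Priority: %{INT:[suricata][priority]}\] \{%{WORD:[suricata][proto]}\} %{IP:[suricata][src_ip]}:%{INT:[suricata][src_port]} -> %{IP:[suricata][dest_ip]}:%{INT:[suricata][dest_port]}" }
        tag_on_failure => ["_suricata_grok_failure"]
      }
    }
    # EVE can also carry flow/dns/http records; tag them so alert dashboards can filter on alerts only
    if [suricata][event_type] and [suricata][event_type] != "alert" {
      mutate { add_tag => ["suricata_non_alert"] }
    }
  }
}

output {
  if [type] == "suricata" {
    # Assumption: Elasticsearch (the "E" of the stack) runs on the other machine as elk-host
    elasticsearch {
      hosts => ["http://elk-host:9200"]
      index => "suricata-%{+YYYY.MM.dd}"
    }
  }
}
```

Events that fail the grok branch keep the raw message and carry the `_suricata_grok_failure` tag, so unexpected line formats are visible in Kibana rather than silently dropped.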
Title: Re: Front End for Suricata
Post by: spetrillo on June 06, 2019, 08:29:58 pm
Aha...so I only need the E and K on my other machine...thanks for clarifying that!