OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: spetrillo on May 29, 2019, 04:02:02 pm
-
Hello all,
Is anyone using a front end web app for Suricata or just using the alert section in the OPNsense gui?
Thanks,
Steve
-
I'm still using the OPNsense GUI. But I will push the events into an ELK stack with a dashboard.
That's the best option in my eyes to get the most out of the logs.
-
It seems I am heading down the same path. I am building an ELK stack on a Windows box but how do you push the logs to the other device? Is there a config to tell Suricata to send the logs?
-
If you use an ELK stack, you can install Logstash (that's the "L" in ELK) on your OPNsense.
So you can push the needed logs.
Or you can use the default syslog daemon that comes with OPNsense if you don't want to change too much on your firewall. In Suricata, enable syslog alerts.
There is a Logstash config for OPNsense around from fabian -> https://github.com/fabianfrz/opnsense-logstash-config
For ELK itself, there are already great dashboards for Suricata.
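Whichever shipping route you take (Logstash on the firewall, or Suricata's syslog alerts relayed by the OPNsense syslog daemon), the collector has to turn Suricata's one-line alert format into fields before Kibana can chart anything. The following Python parser is an added example written for this thread; it is not code from the thread or from the linked opnsense-logstash-config repository. It handles the alert line with or without a BSD-syslog prefix (assumed layout `Mon DD HH:MM:SS host suricata[pid]: ...`) and with or without the fast.log timestamp and `[**]` markers, IPv4 only, and the sample lines are constructed, not captured traffic.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Optional BSD-syslog prefix added when the OPNsense syslog daemon relays the line.
# Assumed layout: "<Mon> <day> <HH:MM:SS> <host> suricata[<pid>]: ".
SYSLOG_PREFIX = r"(?:[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+suricata(?:\[\d+\])?:\s+)?"
# Optional fast.log timestamp "MM/DD/YYYY-HH:MM:SS.usec" (absent in syslog output).
FAST_TS = r"(?:\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6}\s+)?"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Suricata alert line: [gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src:port -> dst:port
# Ports are absent for protocols such as ICMP, so they are optional groups.
ALERT_RE = re.compile(
    r"^" + SYSLOG_PREFIX + FAST_TS
    + r"(?:\[\*\*\]\s+)?"
    + r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    + r"(?P<msg>.+?)\s+"
    + r"(?:\[\*\*\]\s+)?"
    + r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    + r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    + r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    + r"(?P<src_ip>" + IPV4 + r")(?::(?P<src_port>\d+))?\s+->\s+"
    + r"(?P<dst_ip>" + IPV4 + r")(?::(?P<dst_port>\d+))?\s*$"
)

INT_FIELDS = ("gid", "sid", "rev", "priority", "src_port", "dst_port")

# Constructed sample lines (documentation-range addresses, invented pid/sids).
SAMPLE_LINES = [
    # relayed by syslog: no timestamp, no [**] markers
    "May 29 15:02:11 opnsense suricata[31337]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.10:80 -> 192.0.2.20:51234",
    # read straight from fast.log: timestamp and [**] markers present, no ports (ICMP)
    "05/29/2019-15:03:42.001234  [**] [1:9000001:1] CONSTRUCTED TEST alert ICMP ping [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 203.0.113.10",
    # relayed by syslog, priority 1, no classification block
    "May 29 15:03:50 opnsense suricata[31337]: [1:9000002:2] CONSTRUCTED TEST high priority "
    "[Priority: 1] {UDP} 192.0.2.20:5353 -> 203.0.113.53:53",
    # unrelated syslog line that must be ignored, not misparsed
    "May 29 15:04:00 opnsense sshd[22]: Accepted publickey for admin from 192.0.2.2 port 40022 ssh2",
]


def parse_alert(line: str) -> Optional[Dict[str, object]]:
    """Return a dict of alert fields, or None if the line is not a Suricata alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    record: Dict[str, object] = m.groupdict()
    for key in INT_FIELDS:  # numeric fields as ints so dashboards can range/sort on them
        value = record[key]
        record[key] = int(value) if value is not None else None
    return record


def parse_alerts(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse a stream of log lines, silently skipping non-alert lines."""
    return [rec for rec in (parse_alert(ln) for ln in lines) if rec is not None]


def top_signatures(records: List[Dict[str, object]], n: int = 5) -> List[Tuple[str, int]]:
    """Most frequent signature messages: the usual first panel on a Suricata dashboard."""
    return Counter(str(r["msg"]) for r in records).most_common(n)


def at_most_priority(records: List[Dict[str, object]], max_priority: int) -> List[Dict[str, object]]:
    """Keep alerts whose priority is <= max_priority (in Suricata, 1 is the most severe)."""
    return [r for r in records if r["priority"] is not None and int(r["priority"]) <= max_priority]


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_LINES)
    for rec in parsed:
        print(f"sid={rec['sid']} prio={rec['priority']} {rec['proto']} "
              f"{rec['src_ip']}:{rec['src_port']} -> {rec['dst_ip']}:{rec['dst_port']}  {rec['msg']}")
    print("top:", top_signatures(parsed, 3))
    print("priority 1:", [r["sid"] for r in at_most_priority(parsed, 1)])
```

The same field layout is what a Logstash grok pattern would produce before the event is indexed; keeping the optional timestamp, `[**]` and port groups optional is what lets one pattern serve both the syslog relay path and a Logstash instance reading fast.log directly on the firewall.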
-
Aha...so I only need the E and K on my other machine...thanks for clarifying that!