Topic: NTopNG consuming Suricata EVE logs (Read 2713 times)
Domenec (Newbie, Posts: 2, Karma: 0)
NTopNG consuming Suricata EVE logs
« on: February 03, 2021, 07:01:27 am »
Hi Guys,
this is my first post here, so apologies if this is not the correct place to ask.
I've been looking for several days, just in case this question was answered before, but I couldn't find this setup.
The question is that ntopng seems capable of reading and showing Suricata logs if they are exported in EVE format. Also, in ntopng there is a script to read Suricata logs, but I'm not able to make it work.
Has somebody tried this setup before?
Thanks in advance!
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: NTopNG consuming Suricata EVE logs
« Reply #1 on: February 03, 2021, 08:08:19 am »
At which step do you fail?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
Domenec (Newbie, Posts: 2, Karma: 0)
Re: NTopNG consuming Suricata EVE logs
« Reply #2 on: February 03, 2021, 08:18:46 am »
Thanks for your fast reply.
I just can't see the Suricata logs in the ntopng 'alerts' section, which is where I expect to see them.
I don't know how to trace it... what I can see is that the Suricata logs are shown in EVE syslog format...
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: NTopNG consuming Suricata EVE logs
« Reply #3 on: February 03, 2021, 08:24:15 am »
You have to enable EVE alerts in the IDS page, then you need to check how to ingest them into ntopng.
It's been a long time since I read the blog about this.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
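As an added example (not code from this thread, from OPNsense, Suricata or ntopng), the following Python reader shows what the ingestion step in Reply #3 has to deal with: it parses Suricata EVE JSON lines, skips malformed lines instead of aborting, keeps only records with event_type "alert" that carry the signature fields a consumer needs, and counts them per signature id. Running it over the real eve.json is a quick way to confirm that EVE alerts are actually being written before chasing why the ntopng alerts view stays empty. The sample lines, the signature id 1000001 and the signature text are constructed for the demonstration.

```python
import json
from collections import Counter

# Constructed sample EVE output: one JSON object per line, mixing flow, dns and
# alert events, one non-JSON line and one alert record missing its "alert" block.
# None of these are real alerts from the thread.
SAMPLE_EVE = """\
{"timestamp":"2021-02-03T07:01:27.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"TCP"}
{"timestamp":"2021-02-03T07:01:28.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL constructed test rule","category":"Test","severity":2,"action":"allowed"}}
not json at all
{"timestamp":"2021-02-03T07:01:29.000000+0000","event_type":"alert","src_ip":"10.0.0.2","dest_ip":"10.0.0.1"}
{"timestamp":"2021-02-03T07:01:30.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":44321,"dest_ip":"203.0.113.4","dest_port":443,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL constructed test rule","category":"Test","severity":2,"action":"allowed"}}
{"timestamp":"2021-02-03T07:01:31.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP"}
"""

# Fields an alert consumer needs; records without them are dropped, not guessed.
REQUIRED_ALERT_KEYS = ("signature_id", "signature", "severity")


def parse_eve(text):
    """Parse EVE JSON lines. Returns (records, malformed_count).

    A single bad line (truncated write, log rotation artefact) must not stop
    the import, so malformed lines are counted and skipped.
    """
    records, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if not isinstance(obj, dict) or "event_type" not in obj:
            malformed += 1
            continue
        records.append(obj)
    return records, malformed


def alerts_from_records(records):
    """Keep only event_type == "alert" records with a complete "alert" block,
    flattened into a simple dict a downstream alert view could index."""
    alerts = []
    for rec in records:
        if rec.get("event_type") != "alert":
            continue
        meta = rec.get("alert") or {}
        if not all(k in meta for k in REQUIRED_ALERT_KEYS):
            continue
        alerts.append({
            "timestamp": rec.get("timestamp"),
            "src": f'{rec.get("src_ip")}:{rec.get("src_port", "")}',
            "dst": f'{rec.get("dest_ip")}:{rec.get("dest_port", "")}',
            "proto": rec.get("proto"),
            "sid": meta["signature_id"],
            "signature": meta["signature"],
            "severity": meta["severity"],
            "action": meta.get("action"),
        })
    return alerts


def summarize(alerts):
    """Count alerts per signature id: the quickest sanity check that the file
    holds anything alert-shaped at all."""
    return Counter(a["sid"] for a in alerts)


def ingest(text):
    """Full pass over an EVE text: parse, filter to alerts, summarize."""
    records, malformed = parse_eve(text)
    alerts = alerts_from_records(records)
    return {"records": len(records), "malformed": malformed,
            "alerts": alerts, "by_sid": summarize(alerts)}


if __name__ == "__main__":
    result = ingest(SAMPLE_EVE)
    print(f'{result["records"]} records, {result["malformed"]} malformed, '
          f'{len(result["alerts"])} usable alerts')
    for a in result["alerts"]:
        print(a["timestamp"], a["src"], "->", a["dst"], a["sid"], a["signature"])
```

To run it against a live file, replace SAMPLE_EVE with the contents of the EVE output file enabled in the IDS page; if the alert count stays at zero while flow or dns records are present, the problem is on the Suricata side (EVE alerts not enabled), not in ntopng.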