Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Front End for Suricata
« previous
next »
Print
Pages: [
1
]
Author
Topic: Front End for Suricata (Read 5630 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
Front End for Suricata
«
on:
May 29, 2019, 04:02:02 pm »
Hello all,
Is anyone using a front end web app for Suricata or just using the alert section in the OPNsense gui?
Thanks,
Steve
Logged
BeNe
Full Member
Posts: 113
Karma: 13
Use *BSD and feel free!
Re: Front End for Suricata
«
Reply #1 on:
June 05, 2019, 04:27:01 pm »
I'm still using the OPNsense gui. But i will push the events into a ELK-Stack with a Dashboard.
That's the best opinion in my eyes to get the most out of the logs.
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: Front End for Suricata
«
Reply #2 on:
June 06, 2019, 06:30:19 pm »
It seems I am heading down the same path. I am building an ELK stack on a Windows box but how do you push the logs to the other device? Is there a config to tell Suricata to send the logs?
Logged
BeNe
Full Member
Posts: 113
Karma: 13
Use *BSD and feel free!
Re: Front End for Suricata
«
Reply #3 on:
June 06, 2019, 08:17:53 pm »
If you use an ELK Stack, you can install Logtash (that´s the "L" in the ELK) on your OPNsense.
So you can push the needed logs.
Or you can use default Syslog daemon that comes with the OPNsense if you don´t wont to change to much on your Firwall. In Suricata enable syslog alerts.
There is an Logtash config for OPNSense around from fabian ->
https://github.com/fabianfrz/opnsense-logstash-config
For ELK itself, there are already great dashboard for Suricata.
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: Front End for Suricata
«
Reply #4 on:
June 06, 2019, 08:29:58 pm »
Aha...so I only need the E and K on my other machine...thanks for clarifying that!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Front End for Suricata
