Continuing the discussion from Road to NS 7 RC:
Let's make this simple howto!
@jackyes @rasi @JOduMonT @Linux4All @fasttech @EddieA @Adam @Adam_S are the right guys for this task!
Will it work off a tap? Or only on traffic that passes through the server?
Great!
In this case, because ELK stack must be installed, can we resume the following topic?
Improve Mail Log Viewer and Query - #24 by alefattorini
TIA,
Gabriel
It works only if the server is the firewall of the network.
Software Center says nethserver-snort, my search result for the package is old, where is suricata?
do you have some free time?
All done!
This might be of interest to users - I released a new version of EveBox last week that can work without an external database. Instead it can use an embedded SQLite database. Provided you have Suricata logging to /var/log/suricata/eve.log, all you need is the EveBox binary and you can do something like "evebox server --datastore sqlite --input /var/log/suricata/eve.json".
Anyways, just FYI as it's useful in environments where Elastic Search is not an option.
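To make the "eve.json into SQLite" idea above concrete, here is an added example (not EveBox's own code, and not part of this thread) that does the same thing in miniature: it reads Suricata EVE JSON lines, keeps only `event_type: alert` records, stores them in an SQLite table and answers the two questions an analyst asks first, which signatures fire most and which source hosts trigger them. It assumes the standard EVE field names (`event_type`, `src_ip`, `dest_ip`, `dest_port`, `alert.signature_id`, `alert.signature`, `alert.category`, `alert.severity`) and uses constructed sample lines rather than real captured traffic; a half-written last line, which is normal on a live `eve.json`, is skipped instead of aborting the load.

```python
import json
import sqlite3
import sys

# Constructed sample EVE lines (one JSON object per line). These are
# illustrative records only, not real traffic; the last line simulates
# a partially written tail that a live eve.json often has.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2017-05-01T10:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":50123,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":2100498,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2017-05-01T10:00:01.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.com"}}',
    '{"timestamp":"2017-05-01T10:00:02.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.7","src_port":50200,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":2100498,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2017-05-01T10:00:03.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":50300,"dest_ip":"198.51.100.20","dest_port":443,'
    '"proto":"TCP","alert":{"signature_id":2013028,'
    '"signature":"ET POLICY curl User-Agent Outbound",'
    '"category":"Attempted Information Leak","severity":3}}',
    '{"timestamp":"2017-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.',
]

SCHEMA = """
CREATE TABLE IF NOT EXISTS alerts (
    ts        TEXT NOT NULL,
    src_ip    TEXT,
    dest_ip   TEXT,
    dest_port INTEGER,
    sid       INTEGER,
    signature TEXT,
    category  TEXT,
    severity  INTEGER
)
"""


def parse_eve(lines):
    """Yield decoded EVE records, skipping blank or truncated (non-JSON) lines."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # partial line at the tail of a live eve.json
        if isinstance(rec, dict):
            yield rec


def load_alerts(conn, lines):
    """Insert every alert event into the alerts table; return the number inserted."""
    conn.execute(SCHEMA)
    rows = []
    for rec in parse_eve(lines):
        if rec.get("event_type") != "alert":
            continue  # flows, dns, http, ... are not stored in this small example
        alert = rec.get("alert", {})
        rows.append((
            rec.get("timestamp"), rec.get("src_ip"), rec.get("dest_ip"),
            rec.get("dest_port"), alert.get("signature_id"), alert.get("signature"),
            alert.get("category"), alert.get("severity"),
        ))
    conn.executemany("INSERT INTO alerts VALUES (?, ?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def build_store(lines, path=":memory:"):
    """Create (or open) the SQLite datastore and load the given EVE lines into it."""
    conn = sqlite3.connect(path)
    load_alerts(conn, lines)
    return conn


def alert_count(conn):
    return conn.execute("SELECT COUNT(*) FROM alerts").fetchone()[0]


def top_signatures(conn, limit=10):
    """Most frequently firing signatures as (signature, count) tuples."""
    return conn.execute(
        "SELECT signature, COUNT(*) AS n FROM alerts "
        "GROUP BY signature ORDER BY n DESC, signature LIMIT ?", (limit,)
    ).fetchall()


def alerts_by_source(conn):
    """Alert counts per source host, busiest first."""
    return conn.execute(
        "SELECT src_ip, COUNT(*) AS n FROM alerts GROUP BY src_ip ORDER BY n DESC, src_ip"
    ).fetchall()


if __name__ == "__main__":
    # Usage: python eve_sqlite.py [/var/log/suricata/eve.json]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            conn = build_store(fh)
    else:
        conn = build_store(SAMPLE_EVE_LINES)
    print("alerts loaded:", alert_count(conn))
    for sig, n in top_signatures(conn):
        print(f"{n:5d}  {sig}")
    for ip, n in alerts_by_source(conn):
        print(f"{n:5d}  {ip}")
```

Run without arguments it works on the embedded sample; pass a path to an `eve.json` to load a real file. The non-alert event types are dropped only to keep the example short; a real datastore (as EveBox's does) keeps the flow, DNS and HTTP records too, because they are what gives an alert its context.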