File: //usr/share/filebeat/module/suricata/README.md
# Suricata module

## Caveats

* The original Suricata event is stored unchanged under the `suricata.eve.` field prefix.

## How to try the module from source

Build Filebeat

```
cd x-pack/filebeat
make mage
mage build update
./filebeat setup --modules=suricata -e -d "*" -c filebeat.yml -E 'setup.dashboards.directory=build/kibana'
```

Install Suricata (for MacOS with Brew)

```
brew install suricata --with-jansson
```

Configure it to generate the EVE JSON log. Edit `/usr/local/etc/suricata/suricata.yaml` and set

```
- eve-log:
    enabled: yes
```

Start Suricata

```
sudo suricata -i en0 # optionally more -i en1 -i en2...
```

Start the Suricata Filebeat module

```
./filebeat --modules=suricata -e -d "*" -c filebeat.yml
```

You can look for the Suricata saved searches and dashboards in Kibana.
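To see where the fields end up once the module has ingested a line of `eve.json`, here is an added example (not code from the Filebeat module or the Suricata project) that nests each EVE event under the `suricata.eve.` prefix the caveat above describes and then counts alerts per signature, as a saved search over `suricata.eve.alert.signature` would. The sample EVE lines are constructed, and copying the event's `timestamp` into `@timestamp` is an assumption of this example, not a documented mapping of the module.

```python
import json
from collections import Counter

# Constructed sample of Suricata EVE JSON lines (not captured from a real sensor).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature":"TEST rule A","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"rrname":"example.com","type":"query"}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature":"TEST rule A","severity":2}}',
    'not json at all',
]


def to_filebeat_doc(line):
    """Parse one EVE line and nest it unchanged under suricata.eve (the prefix the README states).
    Returns None for lines that are not a JSON object, so a corrupt line does not abort ingestion."""
    try:
        ev = json.loads(line)
    except ValueError:
        return None
    if not isinstance(ev, dict) or "event_type" not in ev:
        return None
    doc = {"suricata": {"eve": ev}}
    # Assumption for this example only: the event's own timestamp becomes @timestamp.
    if "timestamp" in ev:
        doc["@timestamp"] = ev["timestamp"]
    return doc


def get_field(doc, dotted):
    """Resolve a dotted field name such as 'suricata.eve.alert.signature'."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def alert_counts(lines):
    """Count alert events per signature, as a saved search over suricata.eve.alert.signature would."""
    counts = Counter()
    for line in lines:
        doc = to_filebeat_doc(line)
        if doc and get_field(doc, "suricata.eve.event_type") == "alert":
            counts[get_field(doc, "suricata.eve.alert.signature")] += 1
    return dict(counts)
```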