how to create index in Kibana in Security Onion


au.nexi...@gmail.com

Jul 25, 2018, 7:12:31 AM
to security-onion
Hi,

I am new to Kibana. I have installed Security Onion on my server, have added 1 sensor, and am getting logs. But when I execute "$ sudo /var/ossec/bin/list_agents -c" it shows the IP address of the sensor which I have added, yet when I check the logs in Kibana it doesn't show that logs are coming from the sensor;

maybe somewhere I am making some mistake.


And one more thing that I wanted to know: how can I create an Index Pattern in Kibana?


Thanks




Wes Lambert

Jul 25, 2018, 10:07:35 PM
to securit...@googlegroups.com
Have you ensured a firewall rule is in place for the OSSEC agent using the 'so-allow' script?

You can create a new index pattern by navigating to Management -> Index Patterns in Kibana, then clicking "Create Index Pattern".

Thanks,
Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.



au.nexi...@gmail.com

Jul 26, 2018, 1:14:03 AM7/26/18
to security-onion
Thanks for your reply. Yes, I have allowed the firewall for the OSSEC agent as well as Security Onion.

When I navigate to Management -> Index Patterns in Kibana, then click "Create Index Pattern" and try to add a new pattern with a custom name, it does not highlight the Create index button. But when I use the suggested name it allows me to create it.


Is there a predefined index pattern that we have to use, or can we use our own?

Also, on the Kibana dashboard it is showing 0 sensors connected.

Wes Lambert

Jul 26, 2018, 7:48:22 AM
to securit...@googlegroups.com
I think you are referring to creating an index pattern and not necessarily an index. An index is ultimately created by a config file with an output filter that sends the logs to Elasticsearch. Try reviewing the config in /etc/logstash/conf.d for examples, and put your custom config and index templates in /etc/logstash/custom.

In regard to "0 sensors connected", please start a new thread for a separate issue.

Thanks,
Wes

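The distinction Wes draws above (a Logstash output creates the index, an index pattern is only what Kibana uses to find indices) can be checked offline. The Python below is an added example, not code from the Security Onion project or from anyone in this thread: it expands a Logstash `index => "..."` string the way the elasticsearch output does for an event's `@timestamp`, then applies a Kibana index pattern to a constructed list of index names. The index names in `SAMPLE_INDICES` and the `logstash-%{type}-...` template are assumptions chosen to resemble a Security Onion 16.04 box; on a real system the list would come from `curl localhost:9200/_cat/indices?h=index`.

```python
"""Resolve Logstash index names and test Kibana index patterns offline.

Added example for this thread; it is not Security Onion code. The index
names below are a constructed sample of what
`curl localhost:9200/_cat/indices?h=index` might list on a 16.04 box.
"""
import re
from datetime import datetime, timezone

SAMPLE_INDICES = [
    "logstash-ossec-2018.07.25",
    "logstash-bro-2018.07.25",
    "logstash-ids-2018.07.25",
    "logstash-syslog-2018.07.24",
    ".kibana",  # Kibana's own saved-objects index, present on every box
]

# Joda-style tokens Logstash accepts in %{+...}, mapped to strftime.
_DATE_TOKENS = [("YYYY", "%Y"), ("MM", "%m"), ("dd", "%d"), ("HH", "%H")]


def _event_time(event):
    """Return the event's @timestamp as an aware datetime (now() if absent)."""
    ts = event.get("@timestamp")
    if ts is None:
        return datetime.now(timezone.utc)
    if isinstance(ts, str):
        # Accept the ISO 8601 form Logstash emits, with a trailing Z.
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return ts


def resolve_index_name(template, event):
    """Expand a Logstash `index => "..."` string for one event.

    Logstash supports %{field} (an event field) and %{+FORMAT} (the
    event's @timestamp rendered with a Joda pattern).  For example
    "logstash-ossec-%{+YYYY.MM.dd}" becomes "logstash-ossec-2018.07.25",
    which is how daily indices get their names.
    """
    ts = _event_time(event)

    def expand(match):
        token = match.group(1)
        if token.startswith("+"):
            fmt = token[1:]
            for joda, strf in _DATE_TOKENS:
                fmt = fmt.replace(joda, strf)
            return ts.strftime(fmt)
        return str(event.get(token, ""))

    return re.sub(r"%\{([^}]+)\}", expand, template)


def pattern_to_regex(pattern):
    """Compile one Kibana index pattern; `*` is the only wildcard."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$")


def matching_indices(pattern, indices):
    """Indices matched by a (possibly comma-separated) Kibana index pattern.

    Kibana 6 will not enable the Create button while this list is empty,
    which is why a made-up name is greyed out while a suggested name that
    matches existing indices is accepted.
    """
    regexes = [pattern_to_regex(p.strip()) for p in pattern.split(",") if p.strip()]
    return [name for name in indices if any(r.match(name) for r in regexes)]


if __name__ == "__main__":
    event = {"type": "ossec", "@timestamp": "2018-07-25T07:12:31Z"}
    print(resolve_index_name("logstash-%{type}-%{+YYYY.MM.dd}", event))
    for pat in ("logstash-*", "my-custom-index", "*"):
        print(f"{pat!r:20} -> {matching_indices(pat, SAMPLE_INDICES)}")
```

Two things worth noting when choosing a pattern: a pattern that matches no index is useless to Kibana no matter how it is spelled, so check the `_cat/indices` list before typing one; and a bare `*` matches everything, including `.kibana` and any other system index, so a pattern scoped to the indices your Logstash output actually writes is the better default.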

Danie de Jager

Jan 2, 2019, 7:18:32 AM
to security-onion
Hi Wes,

I did a new install from the latest ISO, and on connecting to Kibana for the first time I see the attached image. What steps has the installer missed that I must still complete to be able to use Kibana?
Screenshot from 2019-01-02 14-17-46.png

Wes Lambert

Jan 2, 2019, 10:23:03 AM
to securit...@googlegroups.com
Hi Danie,

That is strange. Assuming you ran through both phases of setup, it should be working fine.

You may want to try running so-elastic-configure to see if that helps.

Additionally, if you can find any errors or clues in the kibana.log, please provide them. They may be helpful in preventing the same type of issue in the future.

Thanks,
Wes

Danie de Jager

Jan 3, 2019, 9:15:05 AM
to securit...@googlegroups.com
Thanks Wes,

I manually created the index pattern. I was not sure what Index Pattern to create, so I made one with *. I can delete that if it is wrong.

Am I supposed to have a Dashboard? When I go there I see "Create your first dashboard", and Timelion and Visualise seem to be at defaults too.

I ran the command and attached the output. I don't see anything in the output and am not sure how to look at the kibana.log, but these are the errors, attached as well.

Regards,
Danie de Jager  •  Security Analyst  •  Striata   
T. +27 011 5309600  |  www.striata.com


so-elastic-configure.log
error.log

Sardar Sadaqat

Feb 11, 2019, 5:36:13 AM
to security-onion
Hi, I have the same problem. Please let me know how you solved this problem.

Wes Lambert

Feb 11, 2019, 8:32:17 AM
to securit...@googlegroups.com
Hi Sardar,

Instead of replying to an old thread, please create a new one, including some more detail regarding the issue you are experiencing.


Thanks,
Wes

On Mon, Feb 11, 2019 at 5:36 AM Sardar Sadaqat <sardarsa...@gmail.com> wrote:
Hi, I have the same problem. Please let me know how you solved this problem.
