Haven't seemed to find the answer in the group, so asking here.
I have SO 14.04 (standalone) installed on Ubuntu 14.04 LTS server. I have already gone through the process of configuring everything for the current services and sensors. However, I would like to enable/install ELSA to play around with its functionality. During the initial sosetup, I declined to enable ELSA and so at this point I would like to enable it. I would however like to complete this without having sosetup overwrite any of my current configurations.
Is there an ELSA setup script in SO that would be used for this process? If so, please advise. If not, would going through the sosetup again overwrite my current configurations? Any other advice that would be helpful in this situation would be appreciated.
Please advise.
Thanks in advance!
Any additional information is appreciated.
- run "sudo /usr/bin/securityonion-elsa-config.sh -t WEB" on your master server (the box that hosts sguild, Squert, Snorby, etc.)
- run "sudo /usr/bin/securityonion-elsa-config.sh -t LOG" on any boxes that are sniffing live network interfaces
- once the previous step is completed and all sensors are running ELSA log nodes, then return to the master server and run "sudo /usr/bin/securityonion_elsa_register.rb -f && sudo service apache2 restart"
Already ran, will be testing and troubleshooting next. If I find any issues, I will post them here. If all else fails, I get to re-run sosetup and will have to reconfigure everything.