I just create Elastic on Debain server and and connect with Evebox to get logs from suricata but it not work. here is my configuration Elasticsearch
# Use a descriptive name for your cluster:
#
cluster.name: suricata
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
and here is kibana configuration
=================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
and here is evebox configuration
http:
## By default, EveBox binds to localhost. Uncomment this line to open
## it up.
#host: "0.0.0.0"
database:
type: elasticsearch
elasticsearch:
url: http://192.168.32.149:9200
## If using the Filebeat Suricata module, you'll probably want to
## change the index to "filebeat".
index: logstash
# If using the Filebeat Suricata module this needs to be true.
#ecs: false
## If your Elasticsearch is using a self-signed certificate,
## you'll likely need to set this to true.
but it's get error
When I run this command it's not work
root@Suricata:/home/server# evebox server -e http:/192.168.32.149/:9200
2024-03-13 21:48:30 INFO evebox::version: This is EveBox version 0.18.0 (rev: 16bce96); x86_64-unknown-linux-musl
2024-03-13 21:48:30 INFO evebox::server::main: Using (discovered) data-directory /var/lib/evebox
2024-03-13 21:48:30 WARN evebox::elastic::client: Failed to get Elasticsearch version from http:/192.168.32.149/:9200, will try again: Reqwest(reqwest::Error { kind: Decode, source: Error("expected value", line: 1, column: 1) })
2024-03-13 21:48:33 WARN evebox::elastic::client: Failed to get Elasticsearch version from http:/192.168.32.149/:9200, will try again: Reqwest(reqwest::Error { kind: Decode, source: Error("expected value", line: 1, column: 1) })
2024-03-13 21:48:36 WARN evebox::elastic::client: Failed to get Elasticsearch version from http:/192.168.32.149/:9200, will try again: Reqwest(reqwest::Error { kind: Decode, source: Error("expected value", line: 1, column: 1) })
please help me solve this problem.
Best regards.
