# Suricata module
## Caveats
* Module is to be considered _beta_.
* Field names will be changing for 7.0 to comply with Elastic Common Schema (ECS).
* Original Suricata event shoved as is `suricata.eve.`
## How to try the module from source
Build Filebeat
```
cd x-pack/filebeat
make mage
mage build update
./filebeat setup --modules=suricata -e -d "*" -c filebeat.yml -E 'setup.dashboards.directory=build/kibana'
```
Install Suricata (for MacOS with Brew)
```
brew install suricata --with-jansson
```
Configure it to generate the EVE JSON log. Edit `/usr/local/etc/suricata/suricata.yaml` and set
```
- eve-log:
enabled: yes
```
Start Suricata
```
sudo suricata -i en0 # optionally more -i en1 -i en2...
```
Start the Suricata Filebeat module
```
./filebeat --modules=suricata -e -d "*" -c filebeat.yml
```
You can look for the Suricata saved searches and dashboards in Kibana.
filebeat-6.6.0-linux-x86_64.tar.gz filebeat-6.6.0下载
需积分: 5 54 浏览量
2020-07-01
12:57:54
上传
评论
收藏 11.01MB GZ 举报
filebeat-6.6.0-linux-x86_64.tar.gz filebeat-6.6.0下载 (290个子文件) 
elasticsearch.yml.disabled 845B system.yml.disabled 574B icinga.yml.disabled 546B redis.yml.disabled 463B kafka.yml.disabled 396B osquery.yml.disabled 388B apache2.yml.disabled 371B iis.yml.disabled 371B nginx.yml.disabled 369B mysql.yml.disabled 368B logstash.yml.disabled 361B haproxy.yml.disabled 269B traefik.yml.disabled 195B postgresql.yml.disabled 192B suricata.yml.disabled 190B mongodb.yml.disabled 189B kibana.yml.disabled 188B auditd.yml.disabled 175B filebeat 35.22MB filebeat.json 213KB filebeat.json 213KB Filebeat-Suricata-Overview.json 18KB Filebeat-Suricata-Alert-Overview.json 16KB Filebeat-nginx-overview.json 15KB Filebeat-new-users-and-groups.json 14KB osquery-compliance.json 14KB Filebeat-mysql.json 13KB Filebeat-apache2.json 13KB Filebeat-iis.json 12KB Filebeat-traefik-overview.json 11KB Filebeat-redis.json 11KB ml-traefik-remote-ip-url-explorer.json 11KB ml-traefik-access-remote-ip-count-explorer.json 11KB ml-nginx-remote-ip-url-explorer.json 11KB ml-nginx-access-remote-ip-count-explorer.json 10KB Filebeat-logstash-slowlog.json 10KB Filebeat-ssh-login-attempts.json 10KB Filebeat-auditd.json 9KB Filebeat-haproxy-overview.json 9KB Filebeat-Kafka-overview.json 8KB osquery-rootkit.json 8KB Filebeat-auth-sudo-commands.json 8KB Filebeat-nginx-logs.json 7KB Filebeat-logstash-log.json 6KB Filebeat-Postgresql-overview.json 6KB Filebeat-Postgresql-slowlogs.json 6KB Filebeat-syslog.json 6KB Filebeat-icinga-debug-log.json 6KB Filebeat-icinga-main-log.json 6KB pipeline.json 5KB Filebeat-Mongodb-overview.json 5KB pipeline.json 4KB pipeline.json 4KB Filebeat-icinga-startup-errors.json 4KB pipeline.json 3KB default.json 3KB pipeline.json 3KB response_code.json 3KB remote_ip_url_count.json 3KB default.json 3KB response_code.json 3KB remote_ip_url_count.json 3KB remote_ip_request_rate.json 3KB remote_ip_request_rate.json 3KB pipeline.json 2KB pipeline-json.json 2KB pipeline.json 2KB pipeline-plain.json 2KB pipeline.json 2KB d2864600-478f-11e7-be88-2ddb32f3df97.json 2KB pipeline.json 2KB ML-Traefik-Access-Remote-IP-Timechart.json 2KB ML-Nginx-Access-Remote-IP-Timechart.json 2KB Sent-sizes.json 2KB ML-Traefik-Access-Unique-Count-URL-Timechart.json 2KB ML-Nginx-Access-Unique-Count-URL-Timechart.json 2KB f398d2f0-fa77-11e6-ae9b-81e5311e8cab.json 2KB dcccaa80-4791-11e7-be88-2ddb32f3df97.json 2KB pipeline.json 2KB default.json 2KB pipeline-json.json 2KB Errors-over-time.json 2KB New-Visualization.json 2KB default.json 1KB pipeline.json 1KB Filebeat-Apache2-Dashboard.json 1KB pipeline.json 1KB pipeline.json 1KB dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json 1KB 3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d.json 1KB 0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json 1KB 7fea2930-478e-11e7-b1f0-cb29bac6bf8b.json 1KB pipeline.json 1KB ML-Traefik-Remote-IP-URL-Explorer.json 1KB ML-Nginx-Remote-IP-URL-Explorer.json 1KB Filebeat-Nginx-Dashboard.json 1KB 5517a150-f9ce-11e6-8115-a7c18106d86a.json 1KB pipeline.json 1KB pipeline.json 1KB Filebeat-MySQL-Dashboard.json 1KB共 290 条
- 1
- 2
- 3
资源评论
