How to view logs on EveBox

Hello everyone,
I want to view logs in real time on EveBox. Could anyone familiar with EveBox please guide me on how to use it?
I want to change the IP on EveBox, because I use SSH, and if I use 127.0.0.1 I can't access it from my client PC. So please guide me on how to use EveBox.
Best regards

--help will give you a bunch of options… You want something like evebox server --host 0.0.0.0.


For --host 0.0.0.0, do I replace it with my IP, or do I need to set it to 0.0.0.0, sir?
Do I run this command on the server and open it on the client PC, right?

2024-01-25 09:23:08  INFO evebox::version: This is EveBox version 0.17.2 (rev: 536be8d); x86_64-unknown-linux-musl
2024-01-25 09:23:08  WARN evebox::elastic::client: Failed to get Elasticsearch version from http://localhost:9200, will try again: Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("localhost")), port: Some(9200), path: "//", query: None, fragment: None }, source: hyper::Error(Connect, ConnectError("tcp connect error", Os { code: 111, kind: ConnectionRefused, message: "Connection refused" })) })

I got this error, sir. What is the issue, sir?
Sorry about my English
Best regards,

I’ll assume you don’t have Elasticsearch and such up and running already? EveBox was initially built to “just work” in that scenario, but it can also work without Elasticsearch. I’m going to assume you are running EveBox on the same machine as Suricata, so you could do something like:

mkdir -p ~/.config/evebox
evebox server --datastore sqlite -D ~/.config/evebox --host 0.0.0.0 /var/log/suricata/eve.json

This will use SQLite and consume the Suricata events from /var/log/suricata/eve.json. You can view the events and alerts with a browser, http://your-server-ip-here:5636.

Authentication and TLS can both be added, but for that, please see the EveBox docs.

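The answer above binds EveBox to 0.0.0.0 on port 5636 before authentication or TLS is configured, so it is worth confirming which addresses the port is actually listening on. The following is an added example, not part of the original thread or of EveBox itself: the function name `classify_listener` and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a TCP port is exposed, from `ss -ltn` output on stdin.
# Prints: all-interfaces | loopback | specific:<addr> | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # $4 is Local Address:Port
            if (parts[n] != port) next         # exact port match only
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wide = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else specific = addr
        }
        END {
            if (!found)              print "not-listening"
            else if (wide)           print "all-interfaces"
            else if (specific != "") print "specific:" specific
            else                     print "loopback"
        }'
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_WIDE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:5636       0.0.0.0:*'
SAMPLE_LOOP='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5636     0.0.0.0:*'

for sample in "$SAMPLE_WIDE" "$SAMPLE_LOOP"; do
    printf '%s\n' "$sample" | classify_listener 5636
done
# On the server itself: ss -ltn | classify_listener 5636
```

A result of all-interfaces means any host that can route to the server can reach the EveBox UI. If the client already has SSH access, a loopback bind can still be reached through SSH local port forwarding (`ssh -L 5636:127.0.0.1:5636 user@server`) instead of opening the port.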

Problem solved.
Thank you so much, sir.