Running EveBox after I installed Suricata but not being able to access the web interface

Hello everyone. I’m very new to the cyber world. I have installed Suricata on my computer and it’s working perfectly. Now I’d like to be able to see alerts on an interface. I installed EveBox, and when I go to localhost:5636 in a web browser it says the site can’t be reached. So I just purged EveBox from my system because I might have installed it wrong. What is the best approach to be able to monitor alerts without a crazy installation? I’m new to the command line and have been learning on the fly, so any doable suggestions for a beginner would be greatly appreciated. Thanks!

Honestly, EveBox is probably going to be the least crazy installation to visualize your alerts.

First would be to check if your eve.json is logging correctly: does tail -f /var/log/suricata/eve.json show output scrolling periodically?

I guess the next steps would be, what output did EveBox display to the command line? Did you follow one of the usage examples here: Server | EveBox?


I just checked and it is scrolling periodically, except the live feed is at eve.18.json and not the default eve.json. Maybe that is where my problem is, but I don’t know why it wouldn’t connect me to the website/dashboard. I’m going to go through the installation again and take it slow.

I appreciate the input and will post updates. Thank you!

I got it running! I took it step by step and it works now. Now I am trying to access the EveBox dashboard from an outside network and I cannot figure it out. Could you point me in the right direction for information on how to set up an outside network computer to have access to the dashboard for my local machine?

Thanks again for the help!


This is probably because it binds to localhost by default. On the command line, you can use --host 0.0.0.0 to open up access to external machines.

As for accessing it outside of your network, like when you are away: unfortunately, I’ll leave that as an exercise for you, as it’s not specific to EveBox. Personally, I’m a fan of Tailscale for accessing my private network services when I’m not on the local network, rather than poking holes into my network with port forwards and the like.

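To confirm which of the two states discussed in the last reply the dashboard is in (bound to localhost only, or opened up with --host 0.0.0.0), the listening socket can be inspected directly. The script below is an added example, not part of the original thread or of EveBox; `listener_scope` and the two `sample_*` helpers are hypothetical names, and the sample lines are constructed to match the column layout of `ss -H -ltn`.

```shell
#!/bin/sh
# Classify how a TCP port is exposed, reading `ss -H -ltn` output on stdin.
# Real use on the Suricata/EveBox host:  ss -H -ltn | listener_scope 5636
# Prints: not-listening | loopback-only | specific-address | all-interfaces
listener_scope() {
    awk -v port="$1" '
        {
            local_addr = $4                  # 4th column: Local Address:Port
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next       # different port (or header line)
            # Everything before the final ":port" is the bind address;
            # this keeps bracketed IPv6 forms such as [::1] intact.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wide = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loopback = 1
            else specific = 1
        }
        END {
            # Report the widest exposure seen across all matching sockets.
            if (!found)        print "not-listening"
            else if (wide)     print "all-interfaces"
            else if (specific) print "specific-address"
            else               print "loopback-only"
        }'
}

# Constructed sample: the default bind, reachable only from the same machine.
sample_default() {
    printf '%s\n' \
        'LISTEN 0 4096 127.0.0.1:5636 0.0.0.0:*' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
}

# Constructed sample: after starting the server with --host 0.0.0.0.
sample_host_any() {
    printf '%s\n' \
        'LISTEN 0 4096 0.0.0.0:5636 0.0.0.0:*' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
}
```

A result of `all-interfaces` means every network the host is attached to can reach the dashboard port, so the host firewall decides who actually gets in; `loopback-only` is the state to expect when access is meant to go through something like a VPN or tunnel instead.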