Visualization of Suricata-IDS logs

Hello,
What is the best and easiest-to-configure tool for visualizing Suricata-IDS logs?

Thank you.

There are several tools; some folks use the ELK stack, with Kibana being the part that visualizes it. See the SELKS distribution for example.

I don’t like to install those tools on the Suricata-IDS server. I need a tool that I can install on another server and connect to Suricata-IDS.

You don’t have to install the ELK stack on the same machine, you can forward that from the machine that’s running Suricata to another machine that runs the ELK stack.


Usually visualizations are installed to display from, or use, a central “db” server that has all the logs.
In the case of Kibana visualizations they do not need to be installed on the IDS server itself.

The SELKS visualizations themselves can be used without SELKS - they are free and available here to be used with any ELK installation.


Feedback is always welcome.

Could Suricata-IDS handle log forwarding itself, or is a tool like “rsyslog” needed?

No, Suricata can’t itself send logs off-site. The best bet is to log to a file, like it does by default then use some sort of log processor. If you are going to dive into Elasticsearch and Kibana, then Filebeat is what is most commonly used these days. Logstash is still an option as well.

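An added example, not code from this thread or from the Suricata project, of what sits between the file Suricata writes and the central ELK host when you ship logs off-box as the reply above describes. It reads EVE JSON lines (a constructed sample is embedded; it is not real traffic), skips a partial line of the kind left by log rotation, summarizes alerts the way a Kibana panel would, and frames each alert as an RFC 5424 syslog message so that rsyslog or a similar forwarder can carry it to the collector. The EVE field names (`event_type`, `src_ip`, `alert.signature`) are Suricata's own; the hostname `sensor1`, the app name `suricata`, and the choice of facility local5 / severity info are assumptions made for the example.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample of Suricata EVE JSON output (eve.json); not real traffic.
# The last line is deliberately broken to stand in for a half-written line
# seen while the file is being rotated.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":44321,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51300,"dest_ip":"198.51.100.4","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_po
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON; lines that are not valid JSON are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial or truncated line, e.g. during log rotation
    return events


def summarize_alerts(events):
    """Count alert events by signature and by source IP (what a dashboard panel shows)."""
    by_sig, by_src = Counter(), Counter()
    total = 0
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        total += 1
        by_sig[ev["alert"]["signature"]] += 1
        by_src[ev["src_ip"]] += 1
    return {"total": total, "by_signature": by_sig, "by_src_ip": by_src}


LOCAL5 = 21  # syslog facility number for local5
INFO = 6     # syslog severity number for "info"


def to_syslog(event, hostname="sensor1", facility=LOCAL5, severity=INFO):
    """Frame one EVE event as an RFC 5424 syslog message with the JSON as MSG.

    PRI = facility * 8 + severity (local5/info gives 174). The hostname and the
    app-name "suricata" are assumed values for this example.
    """
    pri = facility * 8 + severity
    # EVE timestamps use "+0000"; RFC 5424 wants an RFC 3339 timestamp.
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").isoformat()
    msg = json.dumps(event, separators=(",", ":"))
    return f"<{pri}>1 {ts} {hostname} suricata - - - {msg}"


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    summary = summarize_alerts(evs)
    print(f"{summary['total']} alerts; top signatures: {summary['by_signature'].most_common(3)}")
    for ev in evs:
        if ev.get("event_type") == "alert":
            print(to_syslog(ev))
```

In practice Filebeat's Suricata module or an rsyslog `imfile` input does the reading and shipping; the point of the block is to show why the file is the right handoff point (a shipper can tolerate partial lines and resume) and what the collector side needs to be able to parse.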

Thank you so much for your info.

    syslog:              # This is an output module to direct log output to several directions.
      enabled: no        # The use of this output module is not enabled.
      facility: local5   # In this option you can set a syslog facility.
      level: Info        # In this option you can set the level of output.

What is the use of this section in the configuration file suricata.yaml? And how do I configure the syslog output on Windows, please?