Cannot get data to display in Suricata dashboard and Firewall dashboard #538
Replies: 1 comment
@TieuBinh123 An issue, issue #539, was opened for this inquiry.
I have installed Suricata on pfSense and ELK. I tried sending data from the pfSense machine and checked the logs on the pfSense machine, and there were no issues. However, the log in Logstash shows an error indicating that it could not send data to Elasticsearch.
I installed it in VMware.
pfSense version: 24.2 beta2 - pfSense 2.7.2
I have tried with both RFC5424 and RFC3164, but neither worked.
Suricata log (screenshot)
I have fully installed the pfELK packages on ELK.
Logstash log:
[2024-05-29T12:02:25,047][WARN ][logstash.outputs.elasticsearch][pfelk][6bb69d12df47f484da6edfc05eb82144a3ecc1409df56a5f949148c81f635d6b] Could not index event to Elasticsearch. {:status=>404, :action=>["create", {:_id=>nil, :_index=>"logs-pfelk-suricata", :routing=>nil}, {"@timestamp"=>2024-05-29T05:02:24.816720298Z, ...}], :response=>{"create"=>{"status"=>404, "error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index [logs-pfelk-suricata] and composable template [-pfelk-suricata] forbids index auto creation", "index_uuid"=>"na", "index"=>"logs-pfelk-suricata"}}}
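The Logstash warning in the post says what blocked the write: the target `logs-pfelk-suricata` does not exist, and the composable template that matched it (named `-pfelk-suricata` in the message) has auto-creation disabled, so Elasticsearch refuses to create the index or data stream on first write. The following triage script is an added example for this thread, not pfELK or Logstash project code. It parses the Ruby-hash style WARN line that the `logstash-output-elasticsearch` plugin emits, extracts the status, target index, error type and reason, classifies the failure, and lists the Elasticsearch requests (Kibana Dev Tools syntax) to run next. The first sample line is the one from the post; the second is constructed to show a different failure class (a mapping error), and the diagnosis labels and the `IndexFailure` class are this example's own names.

```python
"""Triage Logstash "Could not index event to Elasticsearch" warnings.

Added example for this thread; it is not pfELK or Logstash project code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Field patterns for the logstash-output-elasticsearch WARN format.
_STATUS = re.compile(r":status=>(\d+)")
_INDEX = re.compile(r':_index=>"([^"]+)"')
_ERR_TYPE = re.compile(r'"error"=>\{"type"=>"([^"]+)"')
_REASON = re.compile(r'"reason"=>"([^"]*)"')
_TEMPLATE = re.compile(r"composable template \[([^\]]*)\] forbids index auto creation")


@dataclass
class IndexFailure:
    status: int
    index: str
    error_type: str
    reason: str
    template: Optional[str]  # composable template that blocked auto-creation, if named

    def diagnosis(self) -> str:
        """Short label for the failure class (labels are this example's own)."""
        if self.error_type == "index_not_found_exception":
            if self.template is not None:
                # Target missing and the matching composable template has
                # allow_auto_create: false, so the first write cannot create it.
                return "missing_target_blocked_by_template"
            return "missing_target"
        if self.error_type == "mapper_parsing_exception":
            return "mapping_conflict"
        if self.status in (401, 403):
            return "auth_or_privilege"
        return "other"

    def checks(self) -> List[str]:
        """Elasticsearch requests worth running next, in Kibana Dev Tools syntax."""
        calls = [f"GET _data_stream/{self.index}", f"GET {self.index}/_settings"]
        if self.template is not None:
            calls.insert(0, f"GET _index_template/{self.template}")
            # List every installed template so its name and index pattern can be
            # compared with what the integration is expected to ship.
            calls.append("GET _index_template/*")
        if self.diagnosis().startswith("missing_target"):
            calls.append(
                "GET _cluster/settings?include_defaults=true"
                "&filter_path=*.action.auto_create_index"
            )
            # A data stream can be created explicitly once a matching template
            # with a data_stream definition is installed.
            calls.append(f"PUT _data_stream/{self.index}")
        return calls


def parse_warning(line: str) -> Optional[IndexFailure]:
    """Return an IndexFailure for an indexing WARN line, or None for other lines."""
    if "Could not index event to Elasticsearch" not in line:
        return None
    status = _STATUS.search(line)
    index = _INDEX.search(line)
    err = _ERR_TYPE.search(line)
    reason = _REASON.search(line)
    if not (status and index and err and reason):
        return None
    tmpl = _TEMPLATE.search(reason.group(1))
    return IndexFailure(
        status=int(status.group(1)),
        index=index.group(1),
        error_type=err.group(1),
        reason=reason.group(1),
        template=tmpl.group(1) if tmpl else None,
    )


# Sample 1: the line quoted in the post above.
PAGE_WARNING = (
    '[2024-05-29T12:02:25,047][WARN ][logstash.outputs.elasticsearch][pfelk]'
    '[6bb69d12df47f484da6edfc05eb82144a3ecc1409df56a5f949148c81f635d6b] '
    'Could not index event to Elasticsearch. {:status=>404, :action=>["create", '
    '{:_id=>nil, :_index=>"logs-pfelk-suricata", :routing=>nil}, '
    '{"@timestamp"=>2024-05-29T05:02:24.816720298Z, ...}], :response=>{"create"=>'
    '{"status"=>404, "error"=>{"type"=>"index_not_found_exception", "reason"=>'
    '"no such index [logs-pfelk-suricata] and composable template [-pfelk-suricata] '
    'forbids index auto creation", "index_uuid"=>"na", "index"=>"logs-pfelk-suricata"}}}}'
)

# Sample 2: constructed for this example, a mapping failure on a firewall event.
CONSTRUCTED_WARNING = (
    '[2024-05-29T12:05:10,000][WARN ][logstash.outputs.elasticsearch][pfelk][abc] '
    'Could not index event to Elasticsearch. {:status=>400, :action=>["create", '
    '{:_id=>nil, :_index=>"logs-pfelk-firewall", :routing=>nil}, {"@timestamp"=>'
    '2024-05-29T05:05:09Z, ...}], :response=>{"create"=>{"status"=>400, "error"=>'
    '{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field '
    '[source.port] of type [long]"}}}}'
)

if __name__ == "__main__":
    for line in (PAGE_WARNING, CONSTRUCTED_WARNING):
        failure = parse_warning(line)
        print(f"{failure.index}: HTTP {failure.status}, {failure.diagnosis()}")
        for call in failure.checks():
            print("   ", call)
```

For the line in the post the script classifies the failure as a missing target blocked by a template and points first at `GET _index_template/-pfelk-suricata`; whether that template name and its index pattern are what the pfELK install was supposed to create is the thing to compare against the installed templates.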