How to load or update dashboards
SELKS comes with ready to use Kibana dashboards.
Those dashboards ship in a package called kibana-dashboards-stamus and aim to cover as much as possible of the JSON logging output that a fully enabled Suricata IDS/IPS produces. The package is derived from the GitHub repository located here.
NOTE: For the best user experience, use at least a 1680 x 1050 screen resolution.
NOTE: Make sure (especially if you have upgraded to Scirius 3.5.0 or later) that /etc/scirius/local_settings.py contains the following variable:
KIBANA6_DASHBOARDS_PATH = "/opt/selks/kibana7-dashboards/"
To reload/reset the dashboards from the Scirius GUI: go to System settings (from the Stamus logo drop-down menu in the upper left corner) -> Kibana -> choose the desired action.
Source location:
/opt/selks/kibana7-dashboards/
To reload/reset the dashboards from the command line (as root):
cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py kibana_reset && deactivate
WARNING: This will RESET all your Kibana 7 dashboards: it DELETES any custom dashboards/visualisations (not the data) that you might have and (re)loads the default ones!
NOTE: Make sure Elasticsearch is running before you update/reload the Kibana dashboards.
Complete .kibana* index and dashboard reset (execute as root):
curl -XDELETE 'http://localhost:9200/.kibana*/' && \
sleep 20 ; cd /usr/share/python/scirius/ && \
. bin/activate && python bin/manage.py kibana_reset && \
deactivate
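Because the reset above is destructive and the note requires Elasticsearch to be running first, the following added example (not part of the SELKS wiki or the Scirius code) wraps the page's `kibana_reset` command in a guard that queries the Elasticsearch cluster health endpoint and refuses to proceed unless the cluster reports green or yellow. It assumes Elasticsearch at http://localhost:9200 and the Scirius path /usr/share/python/scirius as shown on this page; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: only run the destructive Kibana dashboard reset when
# Elasticsearch is reachable and healthy. Not part of the SELKS wiki.

ES_URL="${ES_URL:-http://localhost:9200}"      # assumption: local ES, as on the page
SCIRIUS_DIR="${SCIRIUS_DIR:-/usr/share/python/scirius}"  # path from the page

# Extract the "status" field (green/yellow/red) from a _cluster/health
# JSON document passed as $1. Prints an empty string if no status is found.
es_status_from_json() {
    printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p'
}

# Return 0 (safe to proceed) only for green or yellow cluster states.
# Anything else (red, unparsable, curl error text) returns 1.
es_ready() {
    case "$(es_status_from_json "$1")" in
        green|yellow) return 0 ;;
        *)            return 1 ;;
    esac
}

# Fetch the live cluster health and run the reset only if the check passes.
reset_dashboards() {
    health="$(curl -sf --max-time 5 "$ES_URL/_cluster/health")" || {
        echo "Elasticsearch not reachable at $ES_URL; aborting reset" >&2
        return 1
    }
    if ! es_ready "$health"; then
        echo "Elasticsearch status is '$(es_status_from_json "$health")'; aborting reset" >&2
        return 1
    fi
    # Subshell so the cd and the virtualenv activation do not leak into the caller.
    ( cd "$SCIRIUS_DIR" && . bin/activate && python bin/manage.py kibana_reset )
}

# Usage (as root): reset_dashboards
```

Run it as root on the SELKS host; when the cluster is red or Elasticsearch is down, the reset is skipped and the reason is printed on stderr, so the command can be safely placed in a maintenance script.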
NOTE: If the traffic you are inspecting contains VLAN tags, make sure VLAN tracking is enabled in suricata.yaml so that the VLAN template can be used:
vlan:
use-for-tracking: true