install.sh has unreachable configuration file urls

[hence4thkingofthenorth]

the following endpoints are unreachable (404 not found):

sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/01-inputs.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/05-syslog.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/10-pf.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/11-firewall.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/50-outputs.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/12-suricata.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/13-snort.conf
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/15-others.conf

sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/patterns/pf-09.2019.grok

There is another pfelk project on GITHUB, but it is for Ubuntu (I would really prefer CentOS) and does not have the same filenames.
I'm unsure of what to copy or where to get it.
Pleas help :-)

[pclever1]

I ended up switching to debian so that I could stay up to date with the project's development. You can try the docker version or manual install process if you want to use centos but I don't recommend it unless you are very determined.

Sorry I couldn't be more help

[hence4thkingofthenorth]

Hi Peter, Thanks very much for taking the time to respond. The project is impressive and I’m going to continue to work on centos as best I can. I appreciate all the effort you’ve put into the project and if I find it too daunting maybe I’ll switch to Deb. I do have it all up and running (collecting syslogs from pfSense) but I have not gotten the customizations filters, visualizations, etc) quite yet. I’ve got it all running on a centos automated build so I can spin up and spin down single node clusters at will. If I can get everything going I’ll let you know. Thanks again for reaching out and for your work on the project! Ryan

…

Sent from my iPhone

On Nov 19, 2021, at 6:37 PM, Peter ***@***.***> wrote:  I ended up switching to debian so that I could stay up to date with the project's development. You can try the docker version or manual install process if you want to use centos but I don't recommend it unless you are very determined. Sorry I couldn't be more help — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[hence4thkingofthenorth]

Good evening Peter, I've struggled enough and gave up on forcefully using centos :-) I am now running a relatively vanilla install of Ubuntu 20.4, and pfelk that was installed today from the install script. I also installed patterns and dashboards using the scripts, hoping to KISS (keep it simple) my way through it. I have pfsense set up to send logs over 5140 to my pfsense VM. I can see that dashboards and index patterns have been created, but no data appears, "No results match your search criteria" and "No matching indices found: No indices match pattern "*-pfelk-firewall*"" are displayed. I can see that datagrams are being sent from the firewall to the pfsense VM: [image: image.png] [image: image.png] [image: image.png] [image: image.png] I was hoping you might have some troubleshooting suggestions or pointers as to where I might find the issue? Thanks very much for your help and your work on the project! Ryan On Sat, Nov 20, 2021 at 7:41 AM Ryan Revolution ***@***.***> wrote:

…

Hi Peter, Thanks very much for taking the time to respond. The project is impressive and I’m going to continue to work on centos as best I can. I appreciate all the effort you’ve put into the project and if I find it too daunting maybe I’ll switch to Deb. I do have it all up and running (collecting syslogs from pfSense) but I have not gotten the customizations filters, visualizations, etc) quite yet. I’ve got it all running on a centos automated build so I can spin up and spin down single node clusters at will. If I can get everything going I’ll let you know. Thanks again for reaching out and for your work on the project! Ryan Sent from my iPhone On Nov 19, 2021, at 6:37 PM, Peter ***@***.***> wrote:  I ended up switching to debian so that I could stay up to date with the project's development. You can try the docker version or manual install process if you want to use centos but I don't recommend it unless you are very determined. Sorry I couldn't be more help — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWRPDFENSCPWG7YNUF63YG3UM3NUZANCNFSM5IHZY7YQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.