templates.md

Templates

Table of Contents

• Templates
• Dashboards
  • Manual-Method
  • Scripted-Method
• Logstash

1️⃣ Templates

1. In your web browser navigate to the pfELK IP address using port 5601 (example: 192.168.0.1:5601)
2. Click ☰ in the upper left corner
3. Click on Dev Tools located near the bottom under the Management heading
4. Paste the contents of each template file located in the template 📁 and links below - Component Templates - 🔺 NOTE Component Templates must be installed first and in sequential order (e.g. pfelk-settings, pfelk-mappings)
   • component_pfelk-mappings - Install First
   • component_pfelk-settings - Install Second
   • ilm-pfelk - Install Third
     - Index Templates
   • Click the green triangle after pasting the contents (one at a time) into the console
     • pfelk-firewall
     • pfelk-firewall - 🎯
     • pfelk-kea-dhcp - Optional
     • pfelk-dhcp - Depreciated
     • pfelk-unbound - Optional
     • pfelk-unbound - 🎯
     • pfelk-squid - Optional
     • pfelk-captive - Optional
     • pfelk-haproxy - Optional
     • pfelk-nginx - Optional
     • pfelk-nginx - 🎯
     • pfelk-suricata - Optional
     • pfelk-snort - Optional
5. 📌 References
   • 🎥 YouTube Guide

2️⃣ Dashboards

• 🅰️ Manual Method

  1. In your web browser go to the pfELK IP address followed by port 5601 (e.g. 192.168.0.1:5601)
  2. Click the menu icon (☰ three horizontal lines) in the upper left
  3. Under Management click -> Stack Management
  4. Under Kibana click -> Saved Objects
  5. The dashboards are located in the dashboard 📁 and linked below
  6. Import one at a time by clicking the import button in the top-right corner
     • Firewall Dashboard
     • Captive Dashboard - Optional
     • DHCP (isc) Dashboard - DHCPv4 & DHCPv6
     • DHCP (Kea) Dashbaord - Kea DHCP (v4)
     • HAProxy Dashboard - Optional
     • NGINX Dashboard - Optional
     • Snort Dashboard - Optional
     • Squid Dashboard - Optional
     • Suricata Dashboard - Optional
     • Unbound Dashboard - Optional
  7. 📌 References
     • 🎥 YouTube Guide

• 🅱️ Scripted Method 📃 (Not for docker)

  1. Download the pfelk-dashboard-installer

     • wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/scripts/pfelk-kibana-saved-objects.sh

  2. Update with the elastic password

     • sudo nano pfelk-kibana-saved-objects.sh
     • or
     • sed -i 's?PASSWORDGOESHERE?newpassword?' pfelk-kibana-saved-objects.sh where newpassword is replaced with the elastic password from installation step, i2

  3. Make the file executable

     • sudo chmod +x pfelk-kibana-saved-objects.sh

  4. Execute the file

     • sudo ./pfelk-kibana-saved-objects.sh

  5. 📌 References

     • 🎥 YouTube Guide

3️⃣ Start Logstash

1. systemctl start logstash.service

Proceed to Install ➡️ Configuration

_Preparation • _Install • _Security • Templates • _{Configuration}