- In your web browser navigate to the pfELK IP address using port 5601 (example: 192.168.0.1:5601)
- Click ☰ in the upper left corner
- Click on Dev Tools located near the bottom under the Management heading
- Paste the contents of each template file located in the template 📁 and links below
- Component Templates
- 🔺 NOTE Component Templates must be installed first and in sequential order (e.g. pfelk-settings, pfelk-mappings)
- component_pfelk-mappings - Install First
- component_pfelk-settings - Install Second
- ilm-pfelk - Install Third
- Index Templates - Click the green triangle after pasting the contents (one at a time) into the console
- pfelk-firewall
- pfelk-firewall - 🎯
- pfelk-kea-dhcp - Optional
- pfelk-dhcp - Deprecated
- pfelk-unbound - Optional
- pfelk-unbound - 🎯
- pfelk-squid - Optional
- pfelk-captive - Optional
- pfelk-haproxy - Optional
- pfelk-nginx - Optional
- pfelk-nginx - 🎯
- pfelk-suricata - Optional
- pfelk-snort - Optional
- In your web browser go to the pfELK IP address followed by port 5601 (e.g. 192.168.0.1:5601)
- Click the menu icon (☰ three horizontal lines) in the upper left
- Under Management click -> Stack Management
- Under Kibana click -> Saved Objects
- The dashboards are located in the dashboard 📁 and linked below
- Import one at a time by clicking the import button in the top-right corner
- Firewall Dashboard
- Captive Dashboard - Optional
- DHCP (isc) Dashboard - DHCPv4 & DHCPv6
- DHCP (Kea) Dashboard - Kea DHCP (v4)
- HAProxy Dashboard - Optional
- NGINX Dashboard - Optional
- Snort Dashboard - Optional
- Squid Dashboard - Optional
- Suricata Dashboard - Optional
- Unbound Dashboard - Optional
Download the pfelk-dashboard-installer
wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/scripts/pfelk-kibana-saved-objects.sh
-
Update with the elastic password
sudo nano pfelk-kibana-saved-objects.sh
- or
sed -i 's?PASSWORDGOESHERE?newpassword?' pfelk-kibana-saved-objects.sh
where newpassword is replaced with the elastic password from installation step i2
-
Make the file executable
sudo chmod +x pfelk-kibana-saved-objects.sh
-
Execute the file
sudo ./pfelk-kibana-saved-objects.sh
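The sed command in the password step uses `?` as its delimiter, so a password containing `?`, `&` or `\` is not inserted as typed, and a password given on the command line stays in shell history. The helper below is an added example, not part of pfELK: it reads the password from stdin, escapes it for sed, and leaves the script owner-only since it now holds a credential. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not pfELK code). Replaces the PASSWORDGOESHERE placeholder
# with a password read from stdin, which keeps it out of shell history, and
# inserts it literally even when it contains characters special to sed.

# Escape backslash, ampersand and the "?" delimiter for a sed replacement.
escape_sed_replacement() {
    printf '%s' "$1" | sed 's/[\\&?]/\\&/g'
}

# set_elastic_password FILE   (password is read as one line from stdin)
set_elastic_password() {
    file=$1
    if ! grep -q 'PASSWORDGOESHERE' "$file"; then
        echo "placeholder not found in $file" >&2
        return 1
    fi
    if [ -t 0 ]; then                  # interactive: prompt without echo
        printf 'elastic password: ' >&2
        stty -echo; IFS= read -r password; stty echo; echo >&2
    else                               # piped input, e.g. from a secret store
        IFS= read -r password
    fi
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    escaped=$(escape_sed_replacement "$password")
    # Same substitution as the page's sed command, with the value escaped.
    sed -i "s?PASSWORDGOESHERE?${escaped}?" "$file"
    chmod 700 "$file"                  # executable, readable by owner only
    unset password escaped
}
```

After sourcing the block, `set_elastic_password pfelk-kibana-saved-objects.sh` stands in for the sed and chmod steps; the script is then executed as shown above.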
-
systemctl start logstash.service
Proceed to Install ➡️ Configuration