Posted to dev@metron.apache.org by Yazan Boshmaf <bo...@ece.ubc.ca> on 2016/05/30 08:36:54 UTC

Kibana index pattern config

Hello Metron devs!

I'm going through the quick deployment guide on a single node cluster.

I have two questions:

(1) For Kibana (http://node1:5000), what's the right index pattern for ES?

(2) For Monit (http://node1:2812), what's the default login credentials?

For (2), I tried admin/swordfish and admin/admin but they didn't work.

Thanks,
Yazan

Re: Kibana index pattern config

Posted by Yazan Boshmaf <bo...@ece.ubc.ca>.
Thanks, Hakkı. That's what I was looking for. Cheers!

I can confirm that all services and system components are up and running -
was able to visualize using different sensors too.

So far, so good! Awesome job - and yeah, this is much more usable than
OpenSOC.

Cheers,
Yazan

On Mon, May 30, 2016 at 11:45 AM, Hakkı Hakan Akansel <ha...@gmail.com>
wrote:

> For 2 you can use u: admin p: monit
>
> In Kibana, you already have a preconfigured index pattern in the default.json
> file. You should also add your own index pattern, like *, or you can start
> with a sensor type, like snort*, bro*, yaf*, etc. In Metron, the index pattern
> is formatted like this:
>
> <sensor-type>_index_yyyy.MM.dd.HH
>
> On Mon, May 30, 2016 at 11:39 AM, Yazan Boshmaf <bo...@ece.ubc.ca>
> wrote:
>
> > For (1), I can see only "timestamp" based on * regex. That should be
> > enough?
> >
> > On Mon, May 30, 2016 at 11:36 AM, Yazan Boshmaf <bo...@ece.ubc.ca>
> > wrote:
> >
> > > Hello Metron devs!
> > >
> > > I'm going through the quick deployment guide on a single node cluster.
> > >
> > > I have two questions:
> > >
> > > (1) For Kibana (http://node1:5000), what's the right index pattern for
> > ES?
> > >
> > > (2) For Monit (http://node1:2812), what's the default login
> credentials?
> > >
> > > For (2), I tried admin/swordfish and admin/admin but they didn't work.
> > >
> > > Thanks,
> > > Yazan
> > >
> >
>
>
>
> --
>
>
> *Hakki Hakan Akansel*
> *Eskisehir Osmangazi Üniversitesi*
> *Computer Engineering*
> *Electrical - Electronics Engineering (double major)*
>

Re: Kibana index pattern config

Posted by Hakkı Hakan Akansel <ha...@gmail.com>.
For 2 you can use u: admin p: monit

In Kibana, you already have a preconfigured index pattern in the default.json
file. You should also add your own index pattern, like *, or you can start
with a sensor type, like snort*, bro*, yaf*, etc. In Metron, the index pattern
is formatted like this:

<sensor-type>_index_yyyy.MM.dd.HH

On Mon, May 30, 2016 at 11:39 AM, Yazan Boshmaf <bo...@ece.ubc.ca> wrote:

> For (1), I can see only "timestamp" based on * regex. That should be
> enough?
>
> On Mon, May 30, 2016 at 11:36 AM, Yazan Boshmaf <bo...@ece.ubc.ca>
> wrote:
>
> > Hello Metron devs!
> >
> > I'm going through the quick deployment guide on a single node cluster.
> >
> > I have two questions:
> >
> > (1) For Kibana (http://node1:5000), what's the right index pattern for
> ES?
> >
> > (2) For Monit (http://node1:2812), what's the default login credentials?
> >
> > For (2), I tried admin/swordfish and admin/admin but they didn't work.
> >
> > Thanks,
> > Yazan
> >
>



-- 


*Hakki Hakan Akansel*
*Eskisehir Osmangazi Üniversitesi*
*Computer Engineering*
*Electrical - Electronics Engineering (double major)*
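
The index naming scheme quoted in the reply above, `<sensor-type>_index_yyyy.MM.dd.HH`, as an added example that is not part of the original thread or the Metron code base: it parses index names and lists the hourly indices that cover an investigation window. The function names and the sample index names are constructed, and timestamps are assumed to be naive datetimes in the same time zone the indices are named in.

```python
import re
from datetime import datetime, timedelta

# Pattern quoted in the thread: <sensor-type>_index_yyyy.MM.dd.HH
INDEX_RE = re.compile(
    r"^(?P<sensor>.+)_index_(?P<stamp>\d{4}\.\d{2}\.\d{2}\.\d{2})$"
)
STAMP_FMT = "%Y.%m.%d.%H"  # strftime equivalent of yyyy.MM.dd.HH


def parse_index(name):
    """Return (sensor, hour_bucket), or None if the name does not fit the pattern."""
    m = INDEX_RE.match(name)
    if not m:
        return None
    try:
        bucket = datetime.strptime(m.group("stamp"), STAMP_FMT)
    except ValueError:  # digits in the right shape but not a real date/hour
        return None
    return m.group("sensor"), bucket


def indices_for_window(sensor, start, end):
    """Names of the hourly indices covering [start, end] for one sensor type."""
    if end < start:
        raise ValueError("end precedes start")
    hour = start.replace(minute=0, second=0, microsecond=0)
    names = []
    while hour <= end:
        names.append(f"{sensor}_index_{hour.strftime(STAMP_FMT)}")
        hour += timedelta(hours=1)
    return names


if __name__ == "__main__":
    # Constructed sample of index names, including two that must be rejected.
    sample = [
        "snort_index_2016.05.30.08",
        "bro_index_2016.05.30.08",
        "yaf_index_2016.05.30.09",
        ".kibana",                    # not a sensor index
        "snort_index_2016.13.30.08",  # month 13 is invalid
    ]
    for name in sample:
        print(name, "->", parse_index(name))
    print(indices_for_window("bro", datetime(2016, 5, 30, 22, 15),
                             datetime(2016, 5, 31, 0, 5)))
```

Querying only the indices returned for the window keeps a search scoped to the relevant hours instead of matching everything with `*`.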

Re: Kibana index pattern config

Posted by Yazan Boshmaf <bo...@ece.ubc.ca>.
For (1), I can see only "timestamp" based on * regex. That should be enough?

On Mon, May 30, 2016 at 11:36 AM, Yazan Boshmaf <bo...@ece.ubc.ca> wrote:

> Hello Metron devs!
>
> I'm going through the quick deployment guide on a single node cluster.
>
> I have two questions:
>
> (1) For Kibana (http://node1:5000), what's the right index pattern for ES?
>
> (2) For Monit (http://node1:2812), what's the default login credentials?
>
> For (2), I tried admin/swordfish and admin/admin but they didn't work.
>
> Thanks,
> Yazan
>