-
Notifications
You must be signed in to change notification settings - Fork 285
How to load or update dashboards
SELKS comes with ready to use Kibana dashboards.
Those are in a package called kibana-dashboards-stamus and are aiming at providing the most of fully enabled Suricata IDS/IPS JSON logging features available. The package is derived form the GitHub repository located here.
NOTE: For best user experience use with 1680 x 1050 screen resolution!!
NOTE: If the traffic you are inspecting contains vlans - in order to use the VLAN template, make sure you have enabled vlan tracking in suricata.yaml -
vlan:
use-for-tracking: trueIn order to reload and update the Kibana dashboards you need to do the following:
apt-get update && apt-get dist-upgrade rm /etc/kibana/kibana-dashboards-loaded /etc/init.d/kibana-dashboards-stamus reload
If you want to upgrade only kibana-dashboards-stamus, you can run:
apt-get update && apt-get install kibana-dashboards-stamus rm /etc/kibana/kibana-dashboards-loaded /etc/init.d/kibana-dashboards-stamus reload
WARNING: That will DELETE all your ***SN **** Kibana 4 dashboards/visualisatons
and reload the newest default ones !! Any other custom dashboards will not be affected.
If you would like to just clear and reset to the originally provided dashboards in SELKS:
rm /etc/kibana/kibana-dashboards-loaded /etc/init.d/kibana-dashboards-stamus reset
WARNING: That will RESET all your Kibana 4 dashboards - DELETE any custom dashboards/visualisatons (not the data) that you might have and (re)load the deafult ones !!
NOTE: Please make sure elasticsearch is running in order to update/reload the kibana dashboards.
The purpose of rm /etc/kibana/dashboards-loaded is to make sure you would not override any Kibana dashboards of yours by accident. For example if you have used and modified an originally provided SELKS Kibana dashboard and you have saved your changes but used the same name - that dashboard will be overridden during following the instructions above.
You can do exactly the same as explained above from the Scirius graphic interface -
Go to System settings (from the Stamus logo drop down menu in the left upper corner) -> Kibana -> choose an action