From 715485a42ba8ad07782f72ed34d792de584ffad4 Mon Sep 17 00:00:00 2001 From: Andreas Herz Date: Tue, 5 Jan 2016 20:19:10 +0100 Subject: [PATCH] doc: finished remaining conversion for output --- ...filemd5-and-whiteblacklisting-with-md5.rst | 2 ++ ...gstash-kibana-and-suricata-json-output.rst | 33 ++++++++++--------- .../output/files-json-log-output/mysql.rst | 4 +-- .../files-json-log-output/postgresql.rst | 6 ++-- .../script-follow-json.rst | 2 ++ 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/doc/sphinx/file-extraction/filemd5-and-whiteblacklisting-with-md5.rst b/doc/sphinx/file-extraction/filemd5-and-whiteblacklisting-with-md5.rst index d4e6ef4fc5..1e24c2a591 100644 --- a/doc/sphinx/file-extraction/filemd5-and-whiteblacklisting-with-md5.rst +++ b/doc/sphinx/file-extraction/filemd5-and-whiteblacklisting-with-md5.rst @@ -1,3 +1,5 @@ +.. _filemd5-listing: + Filemd5 and white or black listing with MD5 hashes ================================================== diff --git a/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst b/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst index ebc2aef759..10e5d87f25 100644 --- a/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst +++ b/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst 
@@ -2,14 +2,17 @@ Logstash Kibana and Suricata JSON output ======================================== With the release of Suricata 2.0rc1 , Suricata introduces all JSON output capability. -What is JSON - http://en.wikipedia.org/wiki/JSON +What is JSON - http://en.wikipedia.org/wiki/JSON One way to handle easily Suricata's JSON log outputs is through Kibana - http://kibana.org/ : -> Kibana is a highly scalable interface for Logstash (http://logstash.net/) and ElasticSearch (http://www.elasticsearch.org/) that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs. -> + +:: + + Kibana is a highly scalable interface for Logstash (http://logstash.net/) and ElasticSearch (http://www.elasticsearch.org/) that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs. The installation is very simple/basic start up with minor specifics for ubuntu. You can be up and running, looking through the logs in under 5 min. + The downloads can be found here - http://www.elasticsearch.org/overview/elkdownloads/ This is what yo need to do. @@ -38,7 +41,7 @@ Make sure your Suricata is compiled/installed with libjansson support enabled: CUDA enabled: no ... -If it isn't check out the [[Suricata_installation]] page to install or compile Suricata for your distribution. +If it isn't check out the [[**FIXME** Suricata_installation]] page to install or compile Suricata for your distribution. **NOTE:** you will need these packages installed -> **libjansson4** and *libjansson-dev* before compilation. Configure suricata 
@@ -78,14 +81,12 @@ Install ELK (elasticsearch, logstash, kibana) --------------------------------------------- First install the dependencies -( -**NOTE:** -ELK recommends running with Oracle Java - how to -> -http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-service.html#_installing_the_oracle_jdk -) -Otherwise you can install the openjdk: +**NOTE:** ELK recommends running with Oracle Java - how to: + +* http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-service.html#_installing_the_oracle_jdk +Otherwise you can install the openjdk: :: @@ -95,7 +96,9 @@ Otherwise you can install the openjdk: Then download and install the software. Make sure you download the latest versions - -http://www.elasticsearch.org/overview/elkdownloads/ + +* http://www.elasticsearch.org/overview/elkdownloads/ + The installation process is simple (for example): :: @@ -112,7 +115,7 @@ The installation process is simple (for example): Logstash configuration ---------------------- -Create and save a *logstash.conf* file with the following content in the /etc/logstash/conf.d/ directory : +Create and save a **logstash.conf** file with the following content in the /etc/logstash/conf.d/ directory : :: @@ -197,7 +200,7 @@ Configure the start-up services Enjoy ----- -That's all. Now make sure Suricata is running and you have logs written in your JSON log files and you point your browser towards -> +That's all. Now make sure Suricata is running and you have logs written in your JSON log files and you point your browser towards :: 
@@ -210,9 +213,9 @@ Some ready to use templates can be found here: * https://github.com/pevma/Suricata-Logstash-Templates From here on if you would like to customize and familiarize yourself more with the interface you should read the documentation about Kibana and Logstash. -Please have in mind that this is a very quick(under 5 min) tutorial. You should customize and review the proper way for you of using it as a service and/or consider using *httpS web interface and reversy proxy with some authentication*. +Please have in mind that this is a very quick(under 5 min) tutorial. You should customize and review the proper way for you of using it as a service and/or consider using **httpS web interface and reversy proxy with some authentication**. -Some possible customization of the output of Logstash and Kibana - > +Some possible customization of the output of Logstash and Kibana diff --git a/doc/sphinx/output/files-json-log-output/mysql.rst b/doc/sphinx/output/files-json-log-output/mysql.rst index 41533f21d7..0e0c328670 100644 --- a/doc/sphinx/output/files-json-log-output/mysql.rst +++ b/doc/sphinx/output/files-json-log-output/mysql.rst @@ -29,8 +29,8 @@ For MySQL make sure you create a db and a table: -OPTIONALLY - if you would like you can add in the MD5 whitelist table and import the data as described here ( [[Filemd5 and white/black listing with MD5]] ) +OPTIONALLY - if you would like you can add in the MD5 whitelist table and import the data as described here :ref:`FileMD5 and white/black listing with md5 ` -now you can go ahead and execute the script - [[Script FollowJSON]] +now you can go ahead and execute the script - :ref:`Script FollowJSON ` Peter Manev diff --git a/doc/sphinx/output/files-json-log-output/postgresql.rst b/doc/sphinx/output/files-json-log-output/postgresql.rst index 3fdb1f2cff..7f0cb1b732 100644 --- a/doc/sphinx/output/files-json-log-output/postgresql.rst +++ b/doc/sphinx/output/files-json-log-output/postgresql.rst 
@@ -67,14 +67,14 @@ Log out and log in again (with the "filejson" user) to test if everything is ok: -Optionally you could create and import the MD5 white list data if you wish - generally the same guidance as described in: -[[Filemd5 and white/black listing with MD5]] +Optionally you could create and import the MD5 white list data if you wish - generally the same guidance as described in :ref:`FileMD5 and white/black listing with md5 ` Some more general info and basic commands/queries: http://jazstudios.blogspot.se/2010/06/postgresql-login-commands.html http://www.thegeekstuff.com/2009/05/15-advanced-postgresql-commands-with-examples/ -now you can go ahead and execute the script - [[Script FollowJSON]] +now you can go ahead and execute the script - :ref:`Script FollowJSON ` Peter Manev + diff --git a/doc/sphinx/output/files-json-log-output/script-follow-json.rst b/doc/sphinx/output/files-json-log-output/script-follow-json.rst index 3c88021c21..a914fa4082 100644 --- a/doc/sphinx/output/files-json-log-output/script-follow-json.rst +++ b/doc/sphinx/output/files-json-log-output/script-follow-json.rst @@ -1,3 +1,5 @@ +.. _script-follow-json: + Script FollowJSON =================
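Review bot: in the `@@ -2,14 +2,17 @@` hunk of logstash-kibana-and-suricata-json-output.rst, the quoted Kibana description is converted into a `::` literal block, which Sphinx renders as preformatted code that will not wrap; since this is quoted prose from the Kibana site, an indented block quote (or `.. epigraph::`) is the better fit. While this hunk touches the `[[Suricata_installation]]` link, replacing it with a :ref: to the installation page is preferable to shipping a visible `**FIXME**` in the rendered documentation, and the unchanged context line `This is what yo need to do.` could have its `yo` -> `you` typo fixed in the same pass.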
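Review bot: in the `@@ -78,14 +81,12 @@` hunk, the new bullet `* http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-service.html#_installing_the_oracle_jdk` is directly followed by `+Otherwise you can install the openjdk:` with no blank line between them. reStructuredText needs a blank line to terminate a bullet list, so the build will warn "Bullet list ends without a blank line; unexpected unindent" and the sentence may be rendered as part of the list item. Add an empty `+` line after the bullet.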
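Review bot: in the `@@ -112,7 +115,7 @@` hunk, `*logstash.conf*` is only changed to bold `**logstash.conf**`; file names and paths in Sphinx docs are clearer as inline literals, i.e. ``logstash.conf`` and ``/etc/logstash/conf.d/``, and the stray space in `directory :` can be removed while the line is being edited.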
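Review bot: the `@@ -210,9 +213,9 @@` hunk rewrites the "Please have in mind" line but carries its typos over: while changing the emphasis, fix `quick(under 5 min)` to `quick (under 5 min)`, `httpS` to `HTTPS` and `reversy proxy` to `reverse proxy`. The recommendation itself, putting Kibana behind an HTTPS reverse proxy with authentication instead of running it as set up in this five-minute walkthrough, is the most important operational sentence on the page and deserves clean wording.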
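Review bot: in the mysql.rst hunk, both new cross-references appear as :ref:`FileMD5 and white/black listing with md5 ` and :ref:`Script FollowJSON `, with link text but no `<label>` target. This patch defines the labels `filemd5-listing` and `script-follow-json` in the other two files, so the references should read :ref:`FileMD5 and white/black listing with md5 <filemd5-listing>` and :ref:`Script FollowJSON <script-follow-json>`; without an explicit target Sphinx treats the whole text as a label name and reports an undefined label. If the angle-bracket targets are present in the actual patch and were only lost in this rendering, this can be ignored.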
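Review bot: the postgresql.rst hunk has the same missing-target problem: :ref:`FileMD5 and white/black listing with md5 ` and :ref:`Script FollowJSON ` need to point at the labels this patch introduces, i.e. `<filemd5-listing>` and `<script-follow-json>`, or Sphinx will report undefined labels. The hunk also appends an empty `+` line after `Peter Manev`, which only adds a trailing blank line at end of file and should be dropped.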