hakabana/hakabana.1.in at develop · FusionFC/hakabana · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
.\" This Source Code Form is subject to the terms of the Mozilla Public"
.\" License, v. 2.0. If a copy of the MPL was not distributed with this"
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/."
.\""
.TH HAKABANA 1 "2014" "Haka" Commands
.SH NAME
hakabana \- Network monitoring tool based on Haka, Elasticsearch and Kibana
.SH DESCRIPTION
.PP
Network monitoring tool based on Haka, Elasticsearch and Kibana.
.PP
This tool uses an Haka configuration to extract various information on the
network:
.PP
* Packets and connections information
  . Source and destination IP
  . Geographic data
  . Protocols
  . Bandwidth
.PP
* HTTP details (host, user-agent, uri...)
* DNS queries
.SH INSTALL
You need an elasticsearch server (check Elasticsearch packages and documentation
to set it up). By default, it is supposed to be available locally
(at 127.0.0.1:9200) but this can be changed by editing the general configuration
file.
.PP
On the Kibana page, you need to import the predefined dashboard (see the files
section). This dashboard will report various information about the packets and
connections seen on the network.
.SH GOING FURTHER
You are encouraged to check the Haka rules used in Hakabana. It is easily editable
if you want to add extra information. Check Haka full documentation to get details
and information about rule creation.
.SH FILES
\fB@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/config.lua\fP general configuration
of Hakabana.
.br
\fB@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/dashboard/Hakabana.json\fP Kibana
dashboard.
.br
\fB@CMAKE_INSTALL_PREFIX@/share/haka/modules/misc/hakabana\fP Hakabana module
.br
.SH SEE ALSO
\fIhaka\fR\|(1)
\fIhakabana-clean\fR\|(1)
.SH AUTHORS
Team HAKA - Arkoon
.SH COPYRIGHT
Arkoon Network Security, OpenWide and Telecom ParisTech.