Hey there,
I love the project and am getting deeper into it... but I'm new to Elastic and Kibana and all that.
So for now I have my OpenWrt logs in Security Onion via Zeek as logs.
Those are looking like this (in this case banIP):
[23617.539606] banIP/fwd-lan/reject/oisdbigv4: IN=br-lan.1 OUT=wan MAC=******* SRC=192.168.1.97 DST=204.79.197.*** LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=44976 DF PROTO=TCP SPT=61204 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
How can I reindex (or whatever) the real_message to extract that info and order it into a banIP section like:
banIP
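One way to see which fields are actually in that line before you build an ingest pipeline for it, as an added example that is not part of this discussion or of Security Onion's own parsers: a small Python parser for the netfilter log format banIP emits, i.e. a `banIP/<chain>/<action>/<set>:` prefix followed by `KEY=value` pairs interleaved with bare flags (`DF`, `SYN`, ...), plus an assumed mapping onto ECS-style field names. The sample line is the one from the post (with the MAC and last DST octet masked as shown there); the output field names and the ECS mapping are my assumptions, not what Security Onion's pipeline produces.

```python
import re
from typing import Optional

# Constructed sample, copied from the shape shown in the post (masked values kept as-is).
SAMPLE_LINE = (
    "[23617.539606] banIP/fwd-lan/reject/oisdbigv4: IN=br-lan.1 OUT=wan "
    "MAC=******* SRC=192.168.1.97 DST=204.79.197.*** LEN=52 TOS=0x00 PREC=0x00 "
    "TTL=127 ID=44976 DF PROTO=TCP SPT=61204 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0"
)

# Kernel uptime stamp, then the banIP log prefix "banIP/<chain>/<action>/<set>:".
PREFIX_RE = re.compile(
    r"^\[(?P<uptime>\d+\.\d+)\]\s+"
    r"banIP/(?P<chain>[^/]+)/(?P<action>[^/]+)/(?P<set>[^:\s]+):\s*(?P<rest>.*)$"
)

# Netfilter key/value tokens look like "SRC=192.168.1.97"; anything else is a bare flag.
KV_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")

# Numeric fields worth storing as integers so Kibana can range-filter them.
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}


def parse_banip_line(line: str) -> Optional[dict]:
    """Return a flat dict of fields for a banIP kernel log line, or None if it is not one."""
    m = PREFIX_RE.match(line.strip())
    if m is None:
        return None
    doc = {
        "uptime": float(m["uptime"]),
        "chain": m["chain"],     # e.g. fwd-lan
        "action": m["action"],   # e.g. reject
        "set": m["set"],         # the blocklist that matched, e.g. oisdbigv4
        "flags": [],             # bare tokens such as DF, SYN, ACK
    }
    for token in m["rest"].split():
        kv = KV_RE.fullmatch(token)
        if kv is None:
            doc["flags"].append(token)
            continue
        key, value = kv["key"], kv["value"]
        if key in INT_FIELDS and value.isdigit():
            doc[key.lower()] = int(value)
        else:
            doc[key.lower()] = value  # masked values like "*******" stay verbatim
    return doc


def to_ecs(doc: dict) -> dict:
    """Map the flat fields onto ECS-style names (assumed layout, not Security Onion's)."""
    return {
        "event": {"kind": "event", "category": ["network"], "action": doc["action"]},
        "rule": {"ruleset": "banIP", "name": doc["set"]},
        "observer": {
            "ingress": {"interface": {"name": doc.get("in")}},
            "egress": {"interface": {"name": doc.get("out")}},
        },
        "source": {"ip": doc.get("src"), "port": doc.get("spt")},
        "destination": {"ip": doc.get("dst"), "port": doc.get("dpt")},
        "network": {"transport": (doc.get("proto") or "").lower()},
        # Vendor-specific leftovers go under their own namespace rather than polluting ECS fields.
        "openwrt": {"banip": {"chain": doc["chain"], "flags": doc["flags"], "uptime": doc["uptime"]}},
    }


if __name__ == "__main__":
    parsed = parse_banip_line(SAMPLE_LINE)
    for key, value in parsed.items():
        print(f"{key:>8}: {value}")
    print(to_ecs(parsed))
```

The two-stage split the parser does (fixed prefix first, then generic `KEY=value` pairs) is the same shape you would express as a dissect or grok pattern on `real_message` in an Elasticsearch ingest pipeline; running it in Python first lets you confirm the field list and types against real lines before committing them to an index mapping. Lines that are not banIP output return `None`, so other kernel messages from the same source are left untouched.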