Hi,

I am not sure if this is the right place to post, but here it goes. I am 
quite new to Linux but have set up a server with OSSEC. I am also trying to 
set up LightSIEM but am getting this error:

TASK: [elk | Install packages] ************************************************
failed: [localhost] => (item=java,http://download.elastic.co/logstash/logstash/packages/centos/logstash-1.5.0-1.noarch.rpm,https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.noarch.rpm,epel-release,nodejs,unzip,npm,dnsmasq) => {"changed": false, "failed": true, "item": "java,http://download.elastic.co/logstash/logstash/packages/centos/logstash-1.5.0-1.noarch.rpm,https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.noarch.rpm,epel-release,nodejs,unzip,npm,dnsmasq", "rc": 0, "results": []}
msg: The following packages have pending transactions: java-1.8.0-openjdk-x86_64

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/root/lightsiem-install.retry

localhost                  : ok=0    changed=0    unreachable=0    failed=1



Any ideas?

Regards
 

On Friday, 3 July 2015 23:58:27 UTC+2, Daniil Svetlov wrote:
>
> Hello, Theresa!
>
> I'm not go with snort instead of suricata. I have a production snort 
> deployment at my work. It provides access to a big amount of log samples and 
> user experience of LightSIEM.
>
> Anyway, suricata supports all relevant snort log formats. So you can use 
> all types of snort input in LightSIEM with suricata. If you find some 
> errors, feel free to report them - I will try to help and fix them.
>
> On Fri, 3 July 2015 at 20:14, theresa mic-snare <[email protected]> wrote:
>
>> sounds awesome, great work Daniil!
>>
>> just out of curiosity, why did you decide to go with snort instead of 
>> suricata?
>> http://suricata-ids.org
>>
>> keep up the good work!
>>
>>
>> On Saturday, 28 March 2015 17:29:54 UTC+1, Daniil Svetlov wrote:
>>>
>>> Hi, community!
>>>
>>> I have suffered from lacking a SIEM system for OSSEC for several years. I 
>>> tried Splunk, but it is very expensive. I also tried OSSEC WebUI, but I 
>>> deleted it after a few hours. For a long time I sent OSSEC alerts to Prelude 
>>> IDS and used Prewikka as a web interface, but it has some bugs and was not 
>>> actively developed.
>>>
>>> I saw several articles about parsing OSSEC in Logstash and 
>>> Elasticsearch. It inspired me to create a batch of configs for parsing 
>>> OSSEC and Snort logs.
>>> I created some patterns for parsing OSSEC and Snort alerts and now I 
>>> plan to add more possible event sources. I wrote configs for Elasticsearch 
>>> and Logstash, and made a few dashboards for Kibana as the main part of the WebUI.
>>> Kibana hasn't got builtin authentication, so I found another project - 
>>> Kibana Authentication Proxy - and added it to my configuration too.
>>> I have also created a common model for SIEM messages based on the IDMEF 
>>> class hierarchy. I hope it will help to normalize events from different 
>>> sources to one format. And that will help to analyze and visualize them.
>>>
>>> At the end of all that work I have made an Ansible playbook for easy and 
>>> fast deployment of all the stuff and configs. So, my playbook takes all those 
>>> things together and runs them. 
>>>
>>> Try the LightSIEM project on GitHub https://github.com/dsvetlov/lightsiem
>>>
>>> Hope it will help somebody to deploy a free and open-source SIEM. 
>>>
>>> I will be thankful for all your comments, advice and suggestions.
>>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
> -- 
>
> --
> Best regards, Daniil Svetlov.
>
