I had the same issue.

On Wednesday, 18 November 2015 13:36:35 UTC-2, [email protected] wrote:
>
> Hi,
>
> I am not sure if this is the right place to post but here it goes. I am quite new to Linux but have set up a server with OSSEC. I am also trying to set up LightSIEM but am getting this error:
>
> TASK: [elk | Install packages] ************************************************
> failed: [localhost] => (item=java,http://download.elastic.co/logstash/logstash/packages/centos/logstash-1.5.0-1.noarch.rpm,https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.noarch.rpm,epel-release,nodejs,unzip,npm,dnsmasq) => {"changed": false, "failed": true, "item": "java,http://download.elastic.co/logstash/logstash/packages/centos/logstash-1.5.0-1.noarch.rpm,https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.noarch.rpm,epel-release,nodejs,unzip,npm,dnsmasq", "rc": 0, "results": []}
> msg: The following packages have pending transactions: java-1.8.0-openjdk-x86_64
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP ********************************************************************
> to retry, use: --limit @/root/lightsiem-install.retry
>
> localhost : ok=0 changed=0 unreachable=0 failed=1
>
> Any ideas?
>
> Regards
>
> On Friday, 3 July 2015 23:58:27 UTC+2, Daniil Svetlov wrote:
>>
>> Hello, Theresa!
>>
>> I'm not going with snort instead of suricata. I have a production snort deployment at my work. It provides access to a big amount of log samples and user experience of LightSIEM.
>>
>> Anyway, suricata supports all relevant snort log formats. So you can use all types of snort input in LightSIEM with suricata. If you find some errors, feel free to report them - I will try to help and fix them.
>>
>> Fri, 3 Jul 2015 at 20:14, theresa mic-snare <[email protected]>:
>>
>>> sounds awesome, great work Daniil!
>>>
>>> just out of curiosity, why did you decide to go with snort instead of suricata?
>>> http://suricata-ids.org
>>>
>>> keep up the good work!
>>>
>>>
>>> On Saturday, 28 March 2015 17:29:54 UTC+1, Daniil Svetlov wrote:
>>>>
>>>> Hi, community!
>>>>
>>>> I have suffered from lacking a SIEM system for OSSEC for several years. I tried Splunk, but it is very expensive. I also tried OSSEC WebUI, but I deleted it after a few hours. For a long time I sent OSSEC alerts to Prelude IDS and used Prewikka as the web interface, but it had some bugs and was not actively developed.
>>>>
>>>> I saw several articles about parsing OSSEC in Logstash and Elasticsearch. It inspired me to create a batch of configs for parsing OSSEC and Snort logs.
>>>> I created some patterns for parsing OSSEC and Snort alerts and now I plan to add more possible event sources. I wrote configs for Elasticsearch and Logstash, and made a few dashboards for Kibana as the main part of the WebUI.
>>>> Kibana hasn't got built-in authentication, so I found another project - Kibana Authentication Proxy - and added it to my configuration too.
>>>> I have also created a common model for SIEM messages based on the IDMEF class hierarchy. I hope it will help to normalize events from different sources to one format. And that will help to analyze and visualize them.
>>>>
>>>> At the end of all that work I have made an ansible playbook for easy and fast deploying of all the stuff and configs. So, my playbook takes all those things together and runs.
>>>>
>>>> Try the LightSIEM project on GitHub https://github.com/dsvetlov/lightsiem
>>>>
>>>> Hope it will help somebody to deploy a free and open-source SIEM.
>>>>
>>>> I will be thankful for all your comments, advice and suggestions.
>>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>>
>> --
>> Best regards, Daniil Svetlov.
>>
>
