Hello!
I'm struggling to use unifiedbeat properly :(
I'm using snort and logstash. To generate the unified2 file I run this snort command:
`sudo snort -A console -i enp0s3 -u snort -g snort -c /etc/snort/snort.conf`
Afterwards I run unifiedbeat:
`/home/pc/go/src/github.com/cleesmith/unifiedbeat# ./unifiedbeat -c unifiedbeat.yml -e`
However I get this feedback from unifiedbeat:
```
2019/02/04 02:36:28.776378 geolite.go:24: INFO GeoIP disabled: No paths were set under shipper.geoip.paths
2019/02/04 02:36:28.776537 logstash.go:105: INFO Max Retries set to: 3
2019/02/04 02:36:28.780277 outputs.go:135: INFO Activated logstash as output plugin.
2019/02/04 02:36:28.780345 outputs.go:135: INFO Activated console as output plugin.
2019/02/04 02:36:28.780407 publish.go:291: INFO Publisher name: nucy
2019/02/04 02:36:28.780581 async.go:78: INFO Flush Interval set to: 1s
2019/02/04 02:36:28.780602 async.go:84: INFO Max Bulk Size set to: 2048
2019/02/04 02:36:28.780633 async.go:78: INFO Flush Interval set to: 1s
2019/02/04 02:36:28.780644 async.go:84: INFO Max Bulk Size set to: 2048
2019/02/04 02:36:28.780685 beat.go:238: INFO Init Beat: unifiedbeat; Version: 2.0.1
2019/02/04 02:36:28.781042 u2beat.go:106: INFO Setup: 'geoip2_path:' not specified in YAML config file.
2019/02/04 02:36:28.801499 u2beat.go:123: INFO Setup: Rules warnings: 0 multiple line rules rejected, 0 duplicate rules rejected
2019/02/04 02:36:28.801696 u2beat.go:124: INFO Setup: Rules stats: 8 rule files read, 863 rules created
2019/02/04 02:36:28.808859 u2beat.go:140: INFO Setup: registrar: registry file: "/home/pc/go/src/github.com/cleesmith/unifiedbeat/.unifiedbeat"
2019/02/04 02:36:28.808891 u2beat.go:141: INFO Setup: registrar: file source: ""
2019/02/04 02:36:28.808897 u2beat.go:142: INFO Setup: registrar: file offset: 0
2019/02/04 02:36:28.809395 beat.go:267: INFO unifiedbeat sucessfully setup. Start running.
2019/02/04 02:36:28.809416 u2beat.go:148: INFO Run: start spooling and publishing...
2019/02/04 02:36:28.809422 u2spoolandpublish.go:52: INFO U2SpoolAndPublish: spooling and publishing...
2019/02/04 02:36:28.818556 u2spoolandpublish.go:96: CRIT U2SpoolAndPublish: unexpected error: 'unexpected EOF'
2019/02/04 02:36:28.819012 u2beat.go:182: INFO Run: updated registry file.
2019/02/04 02:36:28.819029 beat.go:307: INFO Start exiting beat
2019/02/04 02:36:28.819608 beat.go:282: INFO Stopping Beat
2019/02/04 02:36:28.819625 u2beat.go:192: INFO Stop: is spooling and publishing running? 'false'
2019/02/04 02:36:28.819633 u2beat.go:213: INFO Stop: done after waiting 7.084µs.
2019/02/04 02:36:28.819639 beat.go:290: INFO Cleaning up unifiedbeat before shutting down.
2019/02/04 02:36:28.819651 u2beat.go:217: INFO Cleanup: is spooling and publishing running? 'false'
2019/02/04 02:36:28.819656 u2beat.go:223: INFO Cleanup: done.
2019/02/04 02:36:28.819660 beat.go:139: INFO Exit beat completed
```
My configuration files:
Snort- https://pastebin.com/c0BauSWL
Unifiedbeat- https://pastebin.com/QD4bMAv8
I already checked a similar issue; however, I think I'm using a proper unified2 log file.
Does anyone know how I can fix this? :)
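An added check, not code from unifiedbeat or from the issue author, showing where an `unexpected EOF` comes from when reading unified2: every record is an 8-byte big-endian type/length header followed by exactly that many payload bytes, so a file that stops mid-record (for example one Snort is still writing, or a file that is not unified2 at all) fails precisely this way, while a file that ends on a record boundary reads cleanly. The header layout and the type numbers 7 (IDS event) and 2 (packet) are from the unified2 format; `maxRecordLen` and the sample bytes are my own assumptions/constructed data.

```go
package main

import ("bytes"; "encoding/binary"; "errors"; "io")

// RecordHeader is the unified2 record header Snort writes: big-endian type and length,
// then exactly Length payload bytes (type 7 = IDS event, type 2 = packet).
type RecordHeader struct {
	Type   uint32
	Length uint32
}
const maxRecordLen = 1 << 24 // assumed sanity cap: a corrupt length field must not force a huge allocation

// ScanUnified2 counts complete records in r. EOF exactly on a record boundary is a clean end (nil
// error); a stream ending inside a header or payload returns io.ErrUnexpectedEOF, the beat's 'unexpected EOF'.
func ScanUnified2(r io.Reader) (int, error) {
	for n := 0; ; n++ { // n only advances after a record was read in full
		var hdr RecordHeader
		if err := binary.Read(r, binary.BigEndian, &hdr); err != nil { // io.ReadFull underneath
			if errors.Is(err, io.EOF) { // zero bytes left: clean end on a boundary
				return n, nil
			}
			return n, err // a partial header arrives as io.ErrUnexpectedEOF
		}
		if hdr.Length > maxRecordLen {
			return n, errors.New("implausible record length: not a unified2 stream?")
		}
		payload := make([]byte, hdr.Length)
		if _, err := io.ReadFull(r, payload); err != nil {
			if errors.Is(err, io.EOF) { // header present but zero payload bytes: still truncated
				return n, io.ErrUnexpectedEOF
			}
			return n, err
		}
	}
}

// Sample is a constructed unified2 file (one IDS event record, one packet record); with cut=true
// the last record is chopped short, which is how a file still being written looks to a reader.
func Sample(cut bool) []byte {
	var b bytes.Buffer
	for _, rec := range [][2]int{{7, 100}, {2, 30}} { // {type, payload size}
		_ = binary.Write(&b, binary.BigEndian, RecordHeader{Type: uint32(rec[0]), Length: uint32(rec[1])})
		b.Write(bytes.Repeat([]byte{0xAA}, rec[1]))
	}
	if cut {
		return b.Bytes()[:b.Len()-10]
	}
	return b.Bytes()
}
```

Running `ScanUnified2` over the real `.u2` file before pointing unifiedbeat at it tells you whether the file ends on a record boundary or whether the last record is incomplete.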