Using kofe on ossec+

Posted: Sun Apr 11, 2021 3:42 am
by rostami
Hi,
I used https://www.ossec.net/finish-ossec-plus-install/ to install ossec+ and the KOFE extension, but I got the error "No indices match pattern 'ossec*'" when I open the KOFE-Compliance dashboard in Kibana. I think this is a bug because when I checked

/etc/filebeat/filebeat.yml

I found that the log path is set as

/var/ossec/logs/alerts/alerts.json

but I checked this path and I couldn't find any file with the ".json" postfix; instead, I found

/var/ossec/logs/alerts/alerts.log

I think this file must be passed as the log path in the "Filebeat.yaml", and "ossec-template.json" should also change.
I have another question, too: how can I use the machine learning feature of ossec+? Is it embedded in the Elasticsearch ML, or is it something else?

Thank you