Using kofe on ossec+
Posted: Sun Apr 11, 2021 3:42 am
Hi,
I used https://www.ossec.net/finish-ossec-plus-install/ to install ossec+ and the KOFE extension, but I got the error "No indices match pattern 'ossec*'" when I open the KOFE-Compliance dashboard in Kibana. I think this is a bug, because when I checked /etc/filebeat/filebeat.yml I found out that the log path is set as /var/ossec/logs/alerts/alerts.json, but I checked this path and I couldn't find any file with the ".json" postfix; instead, I found /var/ossec/logs/alerts/alerts.log. I think this file must be passed as the log path in "Filebeat.yaml", and "ossec-template.json" should also change.
I have another question, too: how can I use the machine learning feature of ossec+? Is that embedded in the Elasticsearch ML, or anything else?
Thank you