Config files

Peter Manev edited this page May 21, 2015 · 25 revisions

  • Suricata

SELKS uses the default Suricata config files, directories and locations:

Generic build parameters:
  Installation prefix (--prefix):          /usr
  Configuration directory (--sysconfdir):  /etc/suricata/
  Log directory (--localstatedir) :        /var/log/suricata/

  • Elasticsearch

SELKS makes use of the following Elasticsearch config files:

/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/logging.yml
/etc/default/elasticsearch

  • Logstash

SELKS makes use of the following Logstash config files:

/etc/logstash/conf.d/logstash.conf
/etc/default/logstash

#### Resetting to defaults

If you have changed any of the default configs above and would like to reset to the default configuration that SELKS uses, read on. Below are the default config files that SELKS distributes, adjusted for SELKS (for example, from the default configs distributed with Elasticsearch and Logstash):

/opt/selks/Scripts/Configs/Logstash/
/opt/selks/Scripts/Configs/Logstash/etc/
/opt/selks/Scripts/Configs/Logstash/etc/logstash/
/opt/selks/Scripts/Configs/Logstash/etc/logstash/conf.d/
/opt/selks/Scripts/Configs/Logstash/etc/logstash/conf.d/logstash.conf
/opt/selks/Scripts/Configs/Elasticsearch/
/opt/selks/Scripts/Configs/Elasticsearch/etc/
/opt/selks/Scripts/Configs/Elasticsearch/etc/elasticsearch/
/opt/selks/Scripts/Configs/Elasticsearch/etc/elasticsearch/elasticsearch.yml
/opt/selks/Scripts/Configs/Conky/
/opt/selks/Scripts/Configs/Conky/etc/
/opt/selks/Scripts/Configs/Conky/etc/conky/
/opt/selks/Scripts/Configs/Conky/etc/conky/conky.conf
/opt/selks/Scripts/Configs/Logrotate/
/opt/selks/Scripts/Configs/Logrotate/etc/
/opt/selks/Scripts/Configs/Logrotate/etc/logrotate.d/
/opt/selks/Scripts/Configs/Logrotate/etc/logrotate.d/suricata

These files are part of the selks-scripts-stamus Debian package that is installed by default for SELKS.
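
One way to check for drift against these defaults and restore a single file, as an added example that is not part of SELKS or the selks-scripts-stamus package. It assumes, from the listing above, that each `<Component>/etc/...` path under `/opt/selks/Scripts/Configs` maps to the same `/etc/...` path on the live system; the function names and the `DEFAULTS_ROOT` / `LIVE_ROOT` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not SELKS code. Paths are the ones listed on this page.
# Assumes paths contain no whitespace (true for every file listed above).
DEFAULTS_ROOT="${DEFAULTS_ROOT:-/opt/selks/Scripts/Configs}"
LIVE_ROOT="${LIVE_ROOT:-}"   # empty = real filesystem root; set it to dry-run in a copy

# Print "<default file> <live path>" for every shipped default.
# Assumed layout: <DEFAULTS_ROOT>/<Component>/etc/... -> <LIVE_ROOT>/etc/...
selks_default_pairs() {
    find "$DEFAULTS_ROOT" -type f | sort | while IFS= read -r src; do
        rel=${src#"$DEFAULTS_ROOT"/}   # Logstash/etc/logstash/conf.d/logstash.conf
        rel=${rel#*/}                   # etc/logstash/conf.d/logstash.conf
        printf '%s %s\n' "$src" "$LIVE_ROOT/$rel"
    done
}

# Report live files that are missing or differ from the shipped default.
selks_drift() {
    selks_default_pairs | while read -r src dst; do
        if [ ! -f "$dst" ]; then
            echo "MISSING $dst"
        elif ! cmp -s "$src" "$dst"; then
            echo "CHANGED $dst"
        fi
    done
}

# Restore one live file from its default, keeping a timestamped backup.
# Refuses any path that has no shipped default.
selks_reset() {
    target=$1
    src=$(selks_default_pairs | awk -v t="$target" '$2 == t { print $1 }')
    [ -n "$src" ] || { echo "no SELKS default for $target" >&2; return 1; }
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)"
    fi
    mkdir -p "$(dirname "$target")"
    cp "$src" "$target"
    echo "RESTORED $target"
}
```

Source the file as root, run `selks_drift` to see which live configs differ, then `selks_reset /etc/logstash/conf.d/logstash.conf` (or another reported path) to restore it; the previous version stays beside it as `.bak.<timestamp>`.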
