Troubleshooting and Logs

Peter Manev edited this page Oct 6, 2017 · 19 revisions

If things are not working as expected, or you are experiencing trouble and would like to take a closer look, the log and documentation locations of SELKS's major components are listed below:

Suricata

Log files and folders:

/var/log/suricata.log
/var/log/suricata/stats.log
/var/log/suricata/core/

The folder /var/log/suricata/core/ will contain any core dumps in case of a segfault. See the further reading on what to do and how to report Suricata bugs.

Elasticsearch

Log files:

/var/log/elasticsearch/elasticsearch.log

Logstash

Log files:

/var/log/logstash/logstash.log

Performance Tuning

ELK docs

Elasticsearch Logstash Kibana documentation