Troubleshooting and Logs

If things are not working as expected or you are experiencing some trouble and would like to have a further look please find below SELKS's major components log locations:

Suricata

Log files and folders:

/var/log/suricata.log
/var/log/suricata/stats.log
/var/log/suricata/core/

The folder /var/log/suricata/core/ will contain any core dumps in case of a segfault. Further reading on what to do and how to report Suricata bugs.

Suricata documentation

Elasticsearch

Log files

/var/log/elasticsearch/elasticsearch.log

Info about unassigned shards

Logstash

Log files:

/var/log/logstash/logstash.log

ELK docs

Elasticsearch Logstash Kibana documentation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Troubleshooting and Logs

Suricata

Elasticsearch

Logstash

ELK docs

Clone this wiki locally