Skip to content
/ Savannah Public

Savannah is a simple open source web UI for IDS/IPS Suricata.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AnaLGiN83/Savannah

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
app
app
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 

Repository files navigation

Savannah

Savannah is a simple open source web UI for IDS/IPS Suricata.

  1. Configure your app/config.py
  2. Add to suricata.yaml outputs redis section:
...
    # Configure the type of alert (and other) logging you would like.
outputs:
  # a line based alerts log similar to Snort's fast.log
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
      #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'

  - eve-log:
      enabled: yes
      filetype: redis
      redis:
        server: 127.0.0.1
        port: 6379
        mode: list
        key: suricata-alerts
      types:
        - alert:
            tagged_packets: yes

  - eve-log:
      enabled: yes
      filetype: redis
      redis:
        server: 127.0.0.1
        port: 6379
        mode: list
        key: suricata-stats
      types:
        - stats:
            totals: yes
            threads: no
            deltas: no

  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
...

3.Install and run Savannah:

pip install -r requirements.txt
python3 run.py

About

Savannah is a simple open source web UI for IDS/IPS Suricata.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages