{"id":1531,"date":"2016-12-19T17:07:14","date_gmt":"2016-12-19T16:07:14","guid":{"rendered":"http:\/\/pcll.ac-dijon.fr\/eole\/?p=1531"},"modified":"2017-12-15T12:03:36","modified_gmt":"2017-12-15T11:03:36","slug":"hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata","status":"publish","type":"post","link":"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/","title":{"rendered":"Hackathon: report of the \u00ab Improving network security with Suricata \u00bb group"},"content":{"rendered":"<p><strong>The goal of this workshop was to quickly set up the Suricata, Logstash, Elasticsearch and Kibana chain on an Eolebase 2.6.<\/strong><\/p>\n<p>Suricata is an open source intrusion detection system (IDS), intrusion prevention system (IPS) and network security monitoring (NSM) engine.<\/p>\n<p>A presentation of the software was given during the EOLE 2016 seminar:<\/p>\n\r\n\t<!-- Begin Video.js -->\r\n\t<video id=\"example_video_id_616079252\" class=\"video-js vjs-default-skin\" width=\"480\" height=\"270\" poster=\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/07\/Capture-du-2016-07-11-153846.png\" controls preload=\"none\" data-setup='[]'>\r\n\t\t<source src=\"http:\/\/lab11-eole.ac-dijon.fr\/videos\/13 - Suricata - IDS libres.mp4\" type='video\/mp4' \/>\r\n\t<\/video>\r\n\t<!-- End Video.js -->\r\n\n<p>Suricata &#8211; IDS Libres by Eric Leblond &#8211; Stamus Network (45 min)<\/p>\n<div id=\"magicdomid451\" class=\"\"><a href=\"http:\/\/eole.ac-dijon.fr\/presentations\/2016%20juin\/%202016-06-15-Suricata%e2%80%93IDS_Libres_par_Eric%20Leblond%e2%80%93Stamus%20Network.pdf\">Presentation slides in PDF format<\/a><\/div>\n<p>We took advantage of this workshop to add a page on the Suricata software to Wikipedia: <a href=\"http:\/\/fr.wikipedia.org\/wiki\/Suricata_(logiciel)\">http:\/\/fr.wikipedia.org\/wiki\/Suricata_(logiciel)<\/a><\/p>\n<h2>Installing Suricata<\/h2>\n<p>To test the solution, several approaches were chosen:<\/p>\n<ul>\n<li>installation on an Eolebase from packages;<\/li>\n<li>use and installation of the SELKS 3.0 distribution;<\/li>\n<li>use of Amsterdam, a Docker image.<\/li>\n<\/ul>\n<h3>Installation from packages<\/h3>\n<div class=\"\">Installing the software did not really pose any problem, even though most of it was not packaged for Eolebase 2.6. Only the Suricata package, which came from a PPA, was a very recent version (3.2~RC1).<\/div>\n<div class=\"ace-line\">\n<div id=\"magicdomid62\" class=\"\">Enabling the addition of PPAs on Eolebase:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid64\">root@eolebase:~# apt install software-properties-common<\/pre>\n<div class=\"\">Adding the PPA:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid79\">root@eolebase:~# add-apt-repository ppa:oisf\/suricata-beta<\/pre>\n<div class=\"\">Updating the repositories:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid81\">root@eolebase:~# Query-Auto<\/pre>\n<div class=\"\">Installing Suricata:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid94\">root@eolebase:~# apt-get install suricata<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h3>Installation from the SELKS 3.0 distribution<\/h3>\n<div class=\"\">\n<div id=\"magicdomid461\" class=\"\"><b>SELKS<\/b> 3.0 (Suricata Elasticsearch Logstash Kibana Scirius) is a Debian-based live system dedicated to Suricata; installing it to disk is also possible.<\/div>\n<div id=\"magicdomid462\" class=\"\"><a href=\"https:\/\/www.stamus-networks.com\/open-source\/\">https:\/\/www.stamus-networks.com\/open-source\/<\/a><\/div>\n<div id=\"magicdomid463\" class=\"\"><a href=\"http:\/\/dl.stamus-networks.com\/selks\/SELKS-3.0-desktop.iso.torrent\">http:\/\/dl.stamus-networks.com\/selks\/SELKS-3.0-desktop.iso.torrent<\/a><\/div>\n<div id=\"magicdomid464\" class=\"\"><a href=\"http:\/\/dl.stamus-networks.com\/selks\/SELKS-3.0-nodesktop.iso\">http:\/\/dl.stamus-networks.com\/selks\/SELKS-3.0-nodesktop.iso<\/a><\/div>\n<\/div>\n<p><a href=\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1538\" src=\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png\" alt=\"SELKS in a VM\" width=\"300\" height=\"230\" srcset=\"https:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png 300w, https:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-768x590.png 768w, https:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS.png 891w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Using the live system in a virtual machine, tested twice on different virtualization platforms, led nowhere because the machine freezes after a few tens of minutes. Installing it to disk, also tested twice in VMs, did not work either.<\/p>\n<h3>Installation with Docker<\/h3>\n<p>We did not have time to test the Docker image that is provided.<\/p>\n<p><a href=\"http:\/\/github.com\/StamusNetworks\/Amsterdam\">http:\/\/github.com\/StamusNetworks\/Amsterdam<\/a><\/p>\n<h2>Configuring Suricata<\/h2>\n<div id=\"magicdomid178\" class=\"\">\n<p>Editing the configuration file \/etc\/suricata\/suricata.yaml:<\/p>\n<ul>\n<li>replace the interface to monitor (af-packet:); note that eth0 is no longer the default name of the first interface on an EOLE module;<\/li>\n<li>comment out all the rule files (rule-files:);<\/li>\n<li>add the eole.rules file to the \/etc\/suricata\/rules\/ directory.<\/li>\n<\/ul>\n<p>Contents of the eole.rules file:<\/p>\n<pre id=\"magicdomid194\">alert tcp 192.168.0.1 any -&gt; 192.168.0.24 22 (msg:\"Connexion sur le port 22\"; flow:established; classtype:protocol-command-decode; sid:2230024; rev:1;)\r\n# next sid is 2230025<\/pre>\n<div class=\"\">Restarting the service:<\/div>\n<\/div>\n<div class=\"\">\n<pre id=\"magicdomid197\"># service suricata restart<\/pre>\n<\/div>\n<div class=\"\">The default output is a JSON file:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid199\"># tail -f \/var\/log\/suricata\/eve.json<\/pre>\n<\/div>\n<pre>{\"timestamp\":\"2016-11-16T10:54:13.628227+0100\",\"flow_id\":1160956180949346,\"in_iface\":\"ens4\",\"event_type\":\"alert\",\"src_ip\":\"192.168.0.1\",\"src_port\":52250,\"dest_ip\":\"192.168.0.24\",\"dest_port\":22,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2230024,\"rev\":1,\"signature\":\"Connexion sur le port 22\",\"category\":\"Generic Protocol Command Decode\",\"severity\":3},\"ssh\":{\"client\":{\"proto_version\":\"2.0\",\"software_version\":\"OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\"},\"server\":{\"proto_version\":\"2.0\",\"software_version\":\"OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\"}}}\r\n\r\n{\"timestamp\":\"2016-11-16T10:54:13.717455+0100\",\"flow_id\":1160956180949346,\"in_iface\":\"ens4\",\"event_type\":\"alert\",\"src_ip\":\"192.168.0.1\",\"src_port\":52250,\"dest_ip\":\"192.168.0.24\",\"dest_port\":22,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2230024,\"rev\":1,\"signature\":\"Connexion sur le port 22\",\"category\":\"Generic Protocol Command Decode\",\"severity\":3},\"ssh\":{\"client\":{\"proto_version\":\"2.0\",\"software_version\":\"OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\"},\"server\":{\"proto_version\":\"2.0\",\"software_version\":\"OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\"}}}<\/pre>\n<h2>Installing Elasticsearch<\/h2>\n<div class=\"\">\n<div id=\"magicdomid205\" class=\"\"><b>Elasticsearch<\/b> is a server that uses Lucene to index and search data.<\/div>\n<\/div>\n<div class=\"\">Adding the project&rsquo;s repositories:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid209\"># wget -qO - https:\/\/packages.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -\r\n\r\n# echo \"deb http:\/\/packages.elastic.co\/elasticsearch\/2.x\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elasticsearch-2.x.list\r\n\r\n# apt-get update<\/pre>\n<\/div>\n<div class=\"\">Installing the package:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid211\"># apt-get install elasticsearch<\/pre>\n<\/div>\n<div class=\"\">The Elasticsearch version is 2.4.1.<\/div>\n<h2>Configuring Elasticsearch<\/h2>\n<div class=\"\">Editing the configuration file:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid212\"># vi \/etc\/elasticsearch\/elasticsearch.yml\r\n\r\nnetwork.host: 0.0.0.0\r\n\r\nhttp.port: 9200<\/pre>\n<\/div>\n<div class=\"\">Restarting the service:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid215\"># service elasticsearch restart<\/pre>\n<\/div>\n<div class=\"\">To get the firewall out of the way for the duration of the tests:<\/div>\n<div class=\"\">\n<pre id=\"magicdomid216\"># ouvre.firewall<\/pre>\n<\/div>\n<div class=\"\">With network.host set to 0.0.0.0 and the firewall opened, the Elasticsearch HTTP API, which carries no authentication in this setup, is reachable from the whole network; this is only acceptable while testing.<\/div>\n<h2>Testing Elasticsearch<\/h2>\n<div class=\"\">\n<div id=\"magicdomid218\" class=\"\">Check that Elasticsearch is working by pointing a browser at the server&rsquo;s IP address on port 9200:<\/div>\n<div id=\"magicdomid219\" class=\"\"><a href=\"http:\/\/&lt;ipServeur&gt;:9200\/\">http:\/\/&lt;ipServeur&gt;:9200\/<\/a><\/div>\n<\/div>\n<div class=\"\">\n<div id=\"magicdomid221\" class=\"\">The request returns:<\/div>\n<pre id=\"magicdomid223\">{\r\n  \"name\" : \"Headlok\",\r\n  \"cluster_name\" : \"elasticsearch\",\r\n  \"cluster_uuid\" : \"TGKtmcydRKWQKD97u5x7iQ\",\r\n  \"version\" : {\r\n    \"number\" : \"2.4.1\",\r\n    \"build_hash\" : \"c67dc32e24162035d18d6fe1e952c4cbcbe79d16\",\r\n    \"build_timestamp\" : \"2016-09-27T18:57:55Z\",\r\n    \"build_snapshot\" : false,\r\n    \"lucene_version\" : \"5.5.2\"\r\n  },\r\n  \"tagline\" : \"You Know, for Search\"\r\n}<\/pre>\n<\/div>\n<h2>Installing Logstash<\/h2>\n<div class=\"\">\n<div id=\"magicdomid241\" class=\"\">Adding the repositories:<\/div>\n<\/div>\n<pre># echo \"deb http:\/\/packages.elastic.co\/logstash\/4.5\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list\r\n# apt-get update\r\n# apt-get install logstash<\/pre>\n<div class=\"\">The installed version is 2.4.0.<\/div>\n<h2>Configuring Logstash<\/h2>\n<div class=\"\">Be aware that changes to the syntax mean the configuration can differ greatly from one version to the next:<\/div>\n<div class=\"\">\n<div id=\"magicdomid248\" class=\"\">Example configuration: <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/config-examples.html\">https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/config-examples.html<\/a><\/div>\n<div id=\"magicdomid249\" class=\"\">For version 2.4: <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/2.4\/config-examples.html\">https:\/\/www.elastic.co\/guide\/en\/logstash\/2.4\/config-examples.html<\/a><\/div>\n<\/div>\n<div class=\"\">Configuration used:<\/div>\n<div class=\"\">\n<pre># vim \/etc\/logstash\/conf.d\/01-eole-input.conf\r\ninput {\r\n  file {\r\n    path =&gt; \"\/var\/log\/suricata\/eve.json\"\r\n    #sincedb_path =&gt; \"\/var\/lib\/logstash\/\"\r\n    codec =&gt; json\r\n    type =&gt; \"SuricataIDPS\"\r\n  }\r\n}\r\n\r\nfilter {\r\n  if [type] == \"SuricataIDPS\" {\r\n    date {\r\n      match =&gt; [ \"timestamp\", \"ISO8601\" ]\r\n    }\r\n  }\r\n}\r\n\r\noutput {\r\n  elasticsearch { hosts =&gt; [\"localhost:9200\"] }\r\n  #stdout { codec =&gt; rubydebug }\r\n  #stdout { codec =&gt; json }\r\n}<\/pre>\n<\/div>\n<p>To check the Logstash configuration, it can be run manually by specifying the configuration file:<\/p>\n<pre># \/opt\/logstash\/bin\/logstash -f \/etc\/logstash\/conf.d\/01-eole-input.conf<\/pre>\n<h2>Installing Nginx<\/h2>\n<pre># apt-eole install eole-reverseproxy<\/pre>\n<h2>Creating the kibana user<\/h2>\n<pre># echo \"kibanaadmin:`openssl passwd -apr1`\" | sudo tee -a \/etc\/nginx\/htpasswd.users\r\nPassword:\r\nVerifying - Password:\r\nkibanaadmin:$apr1$.kUW0B1D$B7Pp3yEyKM9AWcY5e5nLy0\r\n<\/pre>\n<h2>Configuring Nginx<\/h2>\n<p>Creating a file \/etc\/nginx\/sites-available\/kibana, listening on port 80:<\/p>\n<pre>server {\r\n    listen 80;\r\n    server_name example.com;\r\n    auth_basic \"Restricted Access\";\r\n    auth_basic_user_file \/etc\/nginx\/htpasswd.users;\r\n    location \/ {\r\n        proxy_pass http:\/\/localhost:5601;\r\n        proxy_http_version 1.1;\r\n        proxy_set_header Upgrade $http_upgrade;\r\n        proxy_set_header Connection 'upgrade';\r\n        proxy_set_header Host $host;\r\n        proxy_cache_bypass $http_upgrade;\r\n    }\r\n}\r\n<\/pre>\n<p>Creating a symbolic link:<\/p>\n<pre># ln -s \/etc\/nginx\/sites-available\/kibana kibana (from \/etc\/nginx\/sites-enabled)<\/pre>\n<p>To check the configuration:<\/p>\n<pre># nginx -t<\/pre>\n<div id=\"magicdomid310\" class=\"\">\n<h2>Installing Kibana<\/h2>\n<div id=\"magicdomid312\" class=\"\">Kibana is the interface used to visualize the data.<\/div>\n<\/div>\n<div class=\"\">\n<pre># echo \"deb http:\/\/packages.elastic.co\/kibana\/4.5\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list\r\n# gpg --keyserver pgpkeys.mit.edu --recv-key D27D666CD88E42B4\r\n# gpg -a --export D27D666CD88E42B4 | sudo apt-key add -\r\n# apt-eole update\r\n# apt-eole -y install kibana<\/pre>\n<\/div>\n<h2 id=\"magicdomid321\">Configuring Kibana<\/h2>\n<div id=\"magicdomid323\" class=\"\">\n<pre># vim \/opt\/kibana\/config\/kibana.yml\r\n\r\nserver.host: \"0.0.0.0\"<\/pre>\n<\/div>\n<pre>service kibana start<\/pre>\n<h2>Connecting to the application<\/h2>\n<p>Anonymous connection:<br \/>\nhttp:\/\/&lt;ipServeur&gt;:5601\/app\/kibana<br \/>\nhttp:\/\/&lt;ipServeur&gt;:5601<\/p>\n<p>Authenticated connection:<br \/>\nhttp:\/\/&lt;ipServeur&gt;\/app\/kibana<br \/>\nhttp:\/\/&lt;ipServeur&gt;<\/p>\n<p>The account and password are the ones configured above: kibanaadmin<\/p>\n<p>The anonymous path on port 5601 bypasses the basic authentication enforced by Nginx, so once the tests are over that port should no longer be reachable from the network.<\/p>\n<h2>Scirius<\/h2>\n<div class=\"ace-line\">\n<div id=\"magicdomid346\" class=\"\">Scirius is a GPLv3-licensed web interface written with Django and dedicated to editing Suricata rules. We attempted to install it but did not manage to get it to interact with our rules.<\/div>\n<\/div>\n<div id=\"magicdomid457\" class=\"ace-line\"><a href=\"https:\/\/github.com\/StamusNetworks\/scirius\/releases\">https:\/\/github.com\/StamusNetworks\/scirius\/releases<\/a><\/div>\n<h2 id=\"magicdomid450\">EveBox<\/h2>\n<div class=\"\">Web Based Event Viewer is an interface for reading the events stored in Elasticsearch.<\/div>\n<div class=\"\">We did not run any tests on this application.<\/div>\n<div id=\"magicdomid451\" class=\"\"><a href=\"https:\/\/github.com\/jasonish\/evebox\">https:\/\/github.com\/jasonish\/evebox<\/a><\/div>\n<h2>Conclusion<\/h2>\n<div class=\"\">In order to imagine and implement a few usage scenarios for the ELK stack (Elasticsearch, Logstash and Kibana), it would be simpler to have the latest versions packaged for version 16.04, work that the EOLE team hopes to carry out in a few sprints.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Setting up the Suricata, Logstash, Elasticsearch and Kibana chain on an Eolebase 2.6.<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[14,17,13,20,41,40],"class_list":["post-1531","post","type-post","status-publish","format-standard","hentry","category-evenements","tag-compte-rendu","tag-elasticsearch","tag-hackathon","tag-kibana","tag-logstash","tag-suricata"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackathon : compte rendu du groupe \u00ab Am\u00e9liorer la s\u00e9curit\u00e9 des r\u00e9seaux avec Suricata \u00bb - EOLE<\/title>\n<meta name=\"description\" content=\"Mise en \u0153uvre de la cha\u00eene Suricata, logstash, Elasticsearch et Kibana sur un Eolebase 2.6.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackathon : compte rendu du groupe \u00ab Am\u00e9liorer la s\u00e9curit\u00e9 des r\u00e9seaux avec Suricata \u00bb - EOLE\" \/>\n<meta property=\"og:description\"
content=\"Mise en \u0153uvre de la cha\u00eene Suricata, logstash, Elasticsearch et Kibana sur un Eolebase 2.6.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\" \/>\n<meta property=\"og:site_name\" content=\"EOLE\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-19T16:07:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-12-15T11:03:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS.png\" \/>\n\t<meta property=\"og:image:width\" content=\"891\" \/>\n\t<meta property=\"og:image:height\" content=\"684\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"G\u00e9rald Schwartzmann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@PoleEole\" \/>\n<meta name=\"twitter:site\" content=\"@PoleEole\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9rald Schwartzmann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\"},\"author\":{\"name\":\"G\u00e9rald Schwartzmann\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/a2a841fd5a669c93f8d7eec693fd2c9d\"},\"headline\":\"Hackathon : compte rendu du groupe \u00ab Am\u00e9liorer la s\u00e9curit\u00e9 des 
r\u00e9seaux avec Suricata \u00bb\",\"datePublished\":\"2016-12-19T16:07:14+00:00\",\"dateModified\":\"2017-12-15T11:03:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\"},\"wordCount\":814,\"image\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png\",\"keywords\":[\"compte rendu\",\"Elasticsearch\",\"Hackathon\",\"Kibana\",\"logstash\",\"Suricata\"],\"articleSection\":[\"\u00c9v\u00e9nements\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\",\"url\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\",\"name\":\"Hackathon : compte rendu du groupe \u00ab Am\u00e9liorer la s\u00e9curit\u00e9 des r\u00e9seaux avec Suricata \u00bb - EOLE\",\"isPartOf\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png\",\"datePublished\":\"2016-12-19T16:07:14+00:00\",\"dateModified\":\"2017-12-15T11:03:36+00:00\",\"author\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/a2a841fd5a669c93f8d7eec693fd2c9d\"},\"description\":\"Mise en \u0153uvre de la cha\u00eene Suricata, logstash, Elasticsearch et Kibana sur un Eolebase 
2.6.\",\"breadcrumb\":{\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#primaryimage\",\"url\":\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png\",\"contentUrl\":\"http:\/\/pcll.ac-dijon.fr\/eole\/wp-content\/uploads\/sites\/4\/2016\/11\/SELKS-300x230.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/hackathon-compte-rendu-du-groupe-ameliorer-la-securite-des-reseaux-avec-suricata\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/pcll.ac-dijon.fr\/eole\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackathon : compte rendu du groupe \u00ab Am\u00e9liorer la s\u00e9curit\u00e9 des r\u00e9seaux avec Suricata \u00bb\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#website\",\"url\":\"https:\/\/pcll.ac-dijon.fr\/eole\/\",\"name\":\"EOLE\",\"description\":\"Ensemble Ouvert Libre Evolutif\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/pcll.ac-dijon.fr\/eole\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/a2a841fd5a669c93f8d7eec693fd2c9d\",\"name\":\"G\u00e9rald 
Schwartzmann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bedd4f324d53737b76727dd63247ebf829793da57f3b464d5c50e7764f4b8895?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bedd4f324d53737b76727dd63247ebf829793da57f3b464d5c50e7764f4b8895?s=96&d=mm&r=g\",\"caption\":\"G\u00e9rald Schwartzmann\"},\"url\":\"https:\/\/pcll.ac-dijon.fr\/eole\/author\/gerald\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}
\u00bb"}]},{"@type":"WebSite","@id":"https:\/\/pcll.ac-dijon.fr\/eole\/#website","url":"https:\/\/pcll.ac-dijon.fr\/eole\/","name":"EOLE","description":"Ensemble Ouvert Libre Evolutif","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pcll.ac-dijon.fr\/eole\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/a2a841fd5a669c93f8d7eec693fd2c9d","name":"G\u00e9rald Schwartzmann","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/pcll.ac-dijon.fr\/eole\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/bedd4f324d53737b76727dd63247ebf829793da57f3b464d5c50e7764f4b8895?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bedd4f324d53737b76727dd63247ebf829793da57f3b464d5c50e7764f4b8895?s=96&d=mm&r=g","caption":"G\u00e9rald 
Schwartzmann"},"url":"https:\/\/pcll.ac-dijon.fr\/eole\/author\/gerald\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/posts\/1531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/comments?post=1531"}],"version-history":[{"count":24,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/posts\/1531\/revisions"}],"predecessor-version":[{"id":2318,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/posts\/1531\/revisions\/2318"}],"wp:attachment":[{"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/media?parent=1531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/categories?post=1531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pcll.ac-dijon.fr\/eole\/wp-json\/wp\/v2\/tags?post=1531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}