Troubleshooting and Logs

If things are not working as expected or you are experiencing some trouble and would like to have a further look please find below SELKS's major components log and documentation locations:

Suricata

Log files and folders:

/var/log/suricata.log
/var/log/suricata/stats.log
/var/log/suricata/core/

The folder /var/log/suricata/core/ will contain any core dumps in case of a segfault. Further reading on what to do and how to report Suricata bugs.

Suricata documentation

Elasticsearch

Log files

/var/log/elasticsearch/elasticsearch.log

Info about unassigned shards

Logstash

Performance tuning and troubleshooting

Log files

/var/log/logstash/logstash.log

Moloch

Log files

/data/moloch/logs/

Scirius

Log files

/var/log/scirius-error.log
/var/log/scirius.log

ELK docs

Elasticsearch Logstash Kibana documentation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly