Comments (14)
Hi,
Regarding suricata status, you need to enable unix-command in your suricata YAML.
For elasticsearch, check that the elasticsearch index-related variables are correct (see https://github.com/StamusNetworks/scirius/blob/master/scirius/settings.py#L113).
from scirius.
Thank you for reply!
1 - Enabled unix-command in suricata.yaml:
unix-command:
  enabled: yes
  filename: custom.socket
Restarted suricata and scirius - still red (((
2 - my indexes in elasticsearch look like this:
logstash-2015.05.24; logstash-2015.06.04; logstash-2015.06.05; logstash-2015.06.06;...
So in local_settings.py I've changed default "logstash-" to "logstash-*" and restarted scirius - still have "Unable to get data from Elasticsearch" on red background
3 - in local_settings.py I also have:
USE_KIBANA = True
# Use django as a reverse proxy for kibana request
# This will allow you to use scirius authentication to control
# access to Kibana
KIBANA_PROXY = False
# Kibana URL
KIBANA_URL = "http://localhost:5601"
But under kibana dashboards it still says: Failed to get data
Please, what am I missing?
from scirius.
Well I think I know what's with my suricata - there is a bug in suricata when working with BSD-flavored operating systems... Getting Unable to change permission on socket: Invalid argument (22)
-- https://redmine.openinfosecfoundation.org/issues/1353
So waiting for fix from openinfo...
But I still don't understand what's with my elasticsearch and kibana
from scirius.
Could you have one specific index for kibana in elasticsearch?
from scirius.
Or you mean make indexes which do not contain time-based events?
from scirius.
Yes, that's it! kibana-int is hard coded and you are using .kibana. I'll try to cook a patch to fix this.
from scirius.
Can't I just try deleting it? Or you wouldn't suggest doing so?
from scirius.
No, I've just pushed patches on master. Can you try them?
In your local_settings.py, set
KIBANA_VERSION=4
KIBANA_INDEX=".kibana"
Then it should work.
from scirius.
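A check for the two mismatches this thread runs into (the Logstash index prefix and the Kibana index name), added here as an example; it is not part of Scirius or of any comment above. `check_indices`, the sample listing and the literal-prefix matching are assumptions of the example.

```python
import re

# Daily Logstash index suffix, e.g. logstash-2015.05.24 (name from the thread).
DAILY = re.compile(r"\d{4}\.\d{2}\.\d{2}")
# Index Kibana stores its own objects in, per major version.
KIBANA_INDEX = {3: "kibana-int", 4: ".kibana"}

# Constructed sample: one index name per line, the shape returned by
# Elasticsearch's _cat/indices?h=index.
SAMPLE_LISTING = """\
logstash-2015.05.24
logstash-2015.06.04
logstash-2015.06.05
.kibana
"""


def check_indices(listing, logstash_prefix, kibana_version, kibana_index):
    """Return a list of findings; an empty list means the settings fit."""
    names = [ln.strip() for ln in listing.splitlines() if ln.strip()]
    findings = []

    # Assumption of this example: the prefix is a literal string that is
    # followed directly by the date, so a wildcard in it never matches.
    daily = [n for n in names if n.startswith(logstash_prefix)
             and DAILY.fullmatch(n[len(logstash_prefix):])]
    if not daily:
        findings.append("no daily index starts with %r" % logstash_prefix)

    expected = KIBANA_INDEX.get(kibana_version)
    if expected is not None and kibana_index != expected:
        findings.append("Kibana %d normally uses %r, not %r"
                        % (kibana_version, expected, kibana_index))
    if kibana_index not in names:
        present = sorted(set(KIBANA_INDEX.values()) & set(names))
        findings.append("index %r is missing; Kibana indices present: %s"
                        % (kibana_index, ", ".join(present) or "none"))
    return findings


if __name__ == "__main__":
    for args in (("logstash-", 4, ".kibana"), ("logstash-", 3, "kibana-int")):
        print(args, "->", check_indices(SAMPLE_LISTING, *args) or "ok")
```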
doesn't work(((
I've removed previous scirius and cloned again:
git clone https://github.com/StamusNetworks/scirius /usr/local/var/www/scirius
made all changes like you've written and started server:
python /usr/local/var/www/scirius/manage.py runserver
and got this:
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
from scirius.
Try to run the migrate command as proposed.
from scirius.
Oh yeah! Stupid me! I was already sleeping! I've run the migrate command and now everything works fine!!! Waiting for suricata 2.1beta5 - they promise to fix unix-socket on BSD operating systems... Thank you very much! If I notice something I'll let you know!
from scirius.
I've got this red "Unable to get data from Elasticsearch" message again… I'm using Apache as reverse proxy with ssl between elasticsearch and kibana: so the reverse proxy accepts the incoming Elasticsearch requests on port 443 (https) and pushes them to Elasticsearch on port 9200, which is what Elasticsearch is expecting. Part of kibana httpd-vhost:
ProxyRequests off
ProxyPass /elasticsearch/ http://127.0.0.1:9200/
<Location /elasticsearch/>
  ProxyPassReverse /
  SSLRequireSSL
</Location>
When kibana.elastcsearch_url is httpS://0.0.0.0/elasticsearch/ I was trying both (in local_settings.py): httpS://0.0.0.0/elasticsearch/ and default - http://127.0.0.1:9200/ but it does not work((
Elasticsearch and kibana themselves work great…
from scirius.
well I've found out what's happening… Will open new issue…
from scirius.