SELKS
SELKS copied to clipboard
StamusNetworks
Kibana did not load properly. Check the server output for more information
root@SELKS:~# selks-health-check_stamus ● suricata.service - LSB: Next Generation IDS/IPS Loaded: loaded (/etc/init.d/suricata; generated) Active: active (running) since Tue 2020-06-23 18:57:07 EEST; 30min ago Docs: man:systemd-sysv-generator(8) Process: 654 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS) Tasks: 10 (limit: 4915) Memory: 325.0M CGroup: /system.slice/suricata.service └─704 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v --user=logstash
Jun 23 18:57:07 SELKS systemd[1]: Starting LSB: Next Generation IDS/IPS... Jun 23 18:57:07 SELKS suricata[654]: Starting suricata in IDS (af-packet) mode... done. Jun 23 18:57:07 SELKS systemd[1]: Started LSB: Next Generation IDS/IPS. ● elasticsearch.service - Elasticsearch Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:26 EEST; 30min ago Docs: https://www.elastic.co Main PID: 653 (java) Tasks: 97 (limit: 4915) Memory: 1.6G CGroup: /system.slice/elasticsearch.service ├─653 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -D… └─901 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Jun 23 18:57:07 SELKS systemd[1]: Starting Elasticsearch... Jun 23 18:57:26 SELKS systemd[1]: Started Elasticsearch. ● logstash.service - logstash Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 374 (java) Tasks: 37 (limit: 4915) Memory: 960.4M CGroup: /system.slice/logstash.service └─374 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.en…
Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,818][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"template"=>"… Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,835][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,841][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,980][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/logstash/vendor…2-City.mmdb"} Jun 23 18:57:53 SELKS logstash[374]: [2020-06-23T18:57:53,134][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/logstash/vendor…2-City.mmdb"} Jun 23 18:57:53 SELKS logstash[374]: [2020-06-23T18:57:53,207][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipe… Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,481][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"} Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,520][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :no…ipelines=>[]} Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,522][INFO ][filewatch.observingtail ][main][d4aef1d642dafd3cc0ec28e9e79530daa4bc5c58ba6b725806ceff6c…b collections Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,777][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600} Hint: Some lines were ellipsized, use -l to show in full. ● kibana.service - Kibana Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 373 (node) Tasks: 11 (limit: 4915) Memory: 1.1G CGroup: /system.slice/kibana.service └─373 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli
Jun 23 18:57:36 SELKS kibana[373]: {"type":"log","@timestamp":"2020-06-23T15:57:36Z","tags":["listening","info"],"pid":373,"message":"Server running at http:/…calhost:5601"} Jun 23 18:57:37 SELKS kibana[373]: {"type":"log","@timestamp":"2020-06-23T15:57:37Z","tags":["info","http","server","Kibana"],"pid":373,"message":"http server…calhost:5601"} Jun 23 18:58:19 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:19Z","tags":[],"pid":373,"method":"get","statusCode":400,"req":{"url":"/api/saved_objec… Jun 23 18:58:24 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:24Z","tags":[],"pid":373,"method":"get","statusCode":404,"req":{"url":"/bundles/25.bund… Jun 23 18:58:27 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:27Z","tags":[],"pid":373,"method":"post","statusCode":400,"req":{"url":"/internal/searc… Jun 23 18:58:35 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:35Z","tags":[],"pid":373,"method":"post","statusCode":400,"req":{"url":"/api/ui_metric/… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":302,"req":{"url":"/","method":"get… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":302,"req":{"url":"/spaces/enter","… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":200,"req":{"url":"/app/kibana","me… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":["api"],"pid":373,"method":"get","statusCode":200,"req":{"url":"/bundles/ap… Hint: Some lines were ellipsized, use -l to show in full. ● evebox.service - EveBox Server Loaded: loaded (/lib/systemd/system/evebox.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 367 (evebox) Tasks: 8 (limit: 4915) Memory: 38.9M CGroup: /system.slice/evebox.service └─367 /usr/bin/evebox server
Jun 23 18:57:12 SELKS evebox[367]: 2020-06-23 18:57:12 (server.go:335) <Error> -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:15 SELKS evebox[367]: 2020-06-23 18:57:15 (server.go:335) <Error> -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:18 SELKS evebox[367]: 2020-06-23 18:57:18 (server.go:335) <Error> -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:21 SELKS evebox[367]: 2020-06-23 18:57:21 (server.go:335) <Error> -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:24 SELKS evebox[367]: 2020-06-23 18:57:24 (server.go:335) <Error> -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:338) <Info> -- Connected to Elastic Search (version: 7.8.0) Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (elasticsearch.go:177) <Info> -- Assuming Logstash style index Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:131) <Info> -- Session reaper started Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:165) <Info> -- Authentication disabled. Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:261) <Info> -- Listening on [127.0.0.1]:5636 Hint: Some lines were ellipsized, use -l to show in full. ● molochviewer-selks.service - Moloch Viewer Loaded: loaded (/etc/systemd/system/molochviewer-selks.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:58:39 EEST; 29min ago Main PID: 1200 (sh) Tasks: 12 (limit: 4915) Memory: 43.0M CGroup: /system.slice/molochviewer-selks.service ├─1200 /bin/sh -c /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini >> /data/moloch/logs/viewer.log 2>&1 └─1201 /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini
Jun 23 18:58:39 SELKS systemd[1]: molochviewer-selks.service: Scheduled restart job, restart counter is at 1. Jun 23 18:58:39 SELKS systemd[1]: Stopped Moloch Viewer. Jun 23 18:58:39 SELKS systemd[1]: Started Moloch Viewer. ● molochpcapread-selks.service - Moloch Pcap Read Loaded: loaded (/etc/systemd/system/molochpcapread-selks.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:58:36 EEST; 29min ago Main PID: 1190 (sh) Tasks: 5 (limit: 4915) Memory: 206.0M CGroup: /system.slice/molochpcapread-selks.service ├─1190 /bin/sh -c /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/ >> /data/moloch/logs/capture.log 2>&1 └─1191 /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/
Jun 23 18:58:36 SELKS systemd[1]: Started Moloch Pcap Read. scirius RUNNING pid 804, uptime 0:30:51 ii elasticsearch 7.8.0 amd64 Distributed RESTful search engine built for the cloud ii elasticsearch-curator 5.8.1 amd64 Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices. ii evebox 1:0.11.1 amd64 no description given ii kibana 7.8.0 amd64 Explore and visualize your Elasticsearch data ii kibana-dashboards-stamus 2020042401 amd64 Kibana 6 dashboard templates. ii logstash 1:7.8.0-1 all An extensible logging pipeline ii moloch 2.3.1-1 amd64 Moloch Full Packet System ii scirius 3.5.0-3 amd64 Django application to manage Suricata ruleset ii suricata 1:2020050401-0stamus0 amd64 Suricata open source multi-thread IDS/IPS/NSM system. Filesystem Type Size Used Avail Use% Mounted on udev devtmpfs 16G 0 16G 0% /dev tmpfs tmpfs 3.2G 17M 3.2G 1% /run /dev/sda1 ext4 438G 6.0G 409G 2% / tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs tmpfs 16G 0 16G 0% /sys/fs/cgroup tmpfs tmpfs 3.2G 0 3.2G 0% /run/user/0
Can you try resetting the dashboards from the web Interface?
-- Regards, Peter Manev
On 23 Jun 2020, at 18:28, MaratKzn [email protected] wrote:
root@SELKS:~# selks-health-check_stamus ● suricata.service - LSB: Next Generation IDS/IPS Loaded: loaded (/etc/init.d/suricata; generated) Active: active (running) since Tue 2020-06-23 18:57:07 EEST; 30min ago Docs: man:systemd-sysv-generator(8) Process: 654 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS) Tasks: 10 (limit: 4915) Memory: 325.0M CGroup: /system.slice/suricata.service └─704 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v --user=logstash
Jun 23 18:57:07 SELKS systemd[1]: Starting LSB: Next Generation IDS/IPS... Jun 23 18:57:07 SELKS suricata[654]: Starting suricata in IDS (af-packet) mode... done. Jun 23 18:57:07 SELKS systemd[1]: Started LSB: Next Generation IDS/IPS. ● elasticsearch.service - Elasticsearch Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:26 EEST; 30min ago Docs: https://www.elastic.co Main PID: 653 (java) Tasks: 97 (limit: 4915) Memory: 1.6G CGroup: /system.slice/elasticsearch.service ├─653 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -D… └─901 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Jun 23 18:57:07 SELKS systemd[1]: Starting Elasticsearch... Jun 23 18:57:26 SELKS systemd[1]: Started Elasticsearch. ● logstash.service - logstash Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 374 (java) Tasks: 37 (limit: 4915) Memory: 960.4M CGroup: /system.slice/logstash.service └─374 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.en…
Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,818][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"template"=>"… Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,835][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,841][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash Jun 23 18:57:52 SELKS logstash[374]: [2020-06-23T18:57:52,980][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/logstash/vendor…2-City.mmdb"} Jun 23 18:57:53 SELKS logstash[374]: [2020-06-23T18:57:53,134][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/logstash/vendor…2-City.mmdb"} Jun 23 18:57:53 SELKS logstash[374]: [2020-06-23T18:57:53,207][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipe… Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,481][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"} Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,520][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :no…ipelines=>[]} Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,522][INFO ][filewatch.observingtail ][main][d4aef1d642dafd3cc0ec28e9e79530daa4bc5c58ba6b725806ceff6c…b collections Jun 23 18:57:54 SELKS logstash[374]: [2020-06-23T18:57:54,777][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600} Hint: Some lines were ellipsized, use -l to show in full. ● kibana.service - Kibana Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 373 (node) Tasks: 11 (limit: 4915) Memory: 1.1G CGroup: /system.slice/kibana.service └─373 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli
Jun 23 18:57:36 SELKS kibana[373]: {"type":"log","@timestamp":"2020-06-23T15:57:36Z","tags":["listening","info"],"pid":373,"message":"Server running at http:/…calhost:5601"} Jun 23 18:57:37 SELKS kibana[373]: {"type":"log","@timestamp":"2020-06-23T15:57:37Z","tags":["info","http","server","Kibana"],"pid":373,"message":"http server…calhost:5601"} Jun 23 18:58:19 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:19Z","tags":[],"pid":373,"method":"get","statusCode":400,"req":{"url":"/api/saved_objec… Jun 23 18:58:24 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:24Z","tags":[],"pid":373,"method":"get","statusCode":404,"req":{"url":"/bundles/25.bund… Jun 23 18:58:27 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:27Z","tags":[],"pid":373,"method":"post","statusCode":400,"req":{"url":"/internal/searc… Jun 23 18:58:35 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:58:35Z","tags":[],"pid":373,"method":"post","statusCode":400,"req":{"url":"/api/ui_metric/… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":302,"req":{"url":"/","method":"get… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":302,"req":{"url":"/spaces/enter","… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":[],"pid":373,"method":"get","statusCode":200,"req":{"url":"/app/kibana","me… Jun 23 18:59:09 SELKS kibana[373]: {"type":"response","@timestamp":"2020-06-23T15:59:09Z","tags":["api"],"pid":373,"method":"get","statusCode":200,"req":{"url":"/bundles/ap… Hint: Some lines were ellipsized, use -l to show in full. ● evebox.service - EveBox Server Loaded: loaded (/lib/systemd/system/evebox.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:57:06 EEST; 30min ago Main PID: 367 (evebox) Tasks: 8 (limit: 4915) Memory: 38.9M CGroup: /system.slice/evebox.service └─367 /usr/bin/evebox server
Jun 23 18:57:12 SELKS evebox[367]: 2020-06-23 18:57:12 (server.go:335) -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:15 SELKS evebox[367]: 2020-06-23 18:57:15 (server.go:335) -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:18 SELKS evebox[367]: 2020-06-23 18:57:18 (server.go:335) -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:21 SELKS evebox[367]: 2020-06-23 18:57:21 (server.go:335) -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:24 SELKS evebox[367]: 2020-06-23 18:57:24 (server.go:335) -- Failed to ping Elastic Search, delaying startup: : Get "http://localhost:920…ection refused Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:338) -- Connected to Elastic Search (version: 7.8.0) Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (elasticsearch.go:177) -- Assuming Logstash style index Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:131) -- Session reaper started Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:165) -- Authentication disabled. Jun 23 18:57:28 SELKS evebox[367]: 2020-06-23 18:57:28 (server.go:261) -- Listening on [127.0.0.1]:5636 Hint: Some lines were ellipsized, use -l to show in full. ● molochviewer-selks.service - Moloch Viewer Loaded: loaded (/etc/systemd/system/molochviewer-selks.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:58:39 EEST; 29min ago Main PID: 1200 (sh) Tasks: 12 (limit: 4915) Memory: 43.0M CGroup: /system.slice/molochviewer-selks.service ├─1200 /bin/sh -c /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini >> /data/moloch/logs/viewer.log 2>&1 └─1201 /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini
Jun 23 18:58:39 SELKS systemd[1]: molochviewer-selks.service: Scheduled restart job, restart counter is at 1. Jun 23 18:58:39 SELKS systemd[1]: Stopped Moloch Viewer. Jun 23 18:58:39 SELKS systemd[1]: Started Moloch Viewer. ● molochpcapread-selks.service - Moloch Pcap Read Loaded: loaded (/etc/systemd/system/molochpcapread-selks.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-06-23 18:58:36 EEST; 29min ago Main PID: 1190 (sh) Tasks: 5 (limit: 4915) Memory: 206.0M CGroup: /system.slice/molochpcapread-selks.service ├─1190 /bin/sh -c /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/ >> /data/moloch/logs/capture.log 2>&1 └─1191 /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/
Jun 23 18:58:36 SELKS systemd[1]: Started Moloch Pcap Read. scirius RUNNING pid 804, uptime 0:30:51 ii elasticsearch 7.8.0 amd64 Distributed RESTful search engine built for the cloud ii elasticsearch-curator 5.8.1 amd64 Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices. ii evebox 1:0.11.1 amd64 no description given ii kibana 7.8.0 amd64 Explore and visualize your Elasticsearch data ii kibana-dashboards-stamus 2020042401 amd64 Kibana 6 dashboard templates. ii logstash 1:7.8.0-1 all An extensible logging pipeline ii moloch 2.3.1-1 amd64 Moloch Full Packet System ii scirius 3.5.0-3 amd64 Django application to manage Suricata ruleset ii suricata 1:2020050401-0stamus0 amd64 Suricata open source multi-thread IDS/IPS/NSM system. Filesystem Type Size Used Avail Use% Mounted on udev devtmpfs 16G 0 16G 0% /dev tmpfs tmpfs 3.2G 17M 3.2G 1% /run /dev/sda1 ext4 438G 6.0G 409G 2% / tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs tmpfs 16G 0 16G 0% /sys/fs/cgroup tmpfs tmpfs 3.2G 0 3.2G 0% /run/user/0
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.
Yes! cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py kibana_reset && deactivate Reset does not help! I want to clarify that after installation everything works, problems begin after the update.
Meant from the gui , (sorry Should have been clearer )
https://github.com/StamusNetworks/SELKS/wiki/How-to-load-or-update-dashboards#from-scirius
You can also just download ready to use SELKS 6
https://github.com/StamusNetworks/SELKS/wiki/First-time-setup
Or you were upgrading from 5? (Just do I don’t misunderstand )
-- Regards, Peter Manev
On 24 Jun 2020, at 09:19, MaratKzn [email protected] wrote:
Yes! cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py kibana_reset && deactivate Reset does not help! I want to clarify that after installation everything works, problems begin after the update.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
https://github.com/StamusNetworks/SELKS/wiki/How-to-load-or-update-dashboards#from-scirius
Done! Reset does not help! 2)
You can also just download ready to use SELKS 6 https://github.com/StamusNetworks/SELKS/wiki/First-time-setup Or you were upgrading from 5? (Just do I don’t misunderstand )
I made a clean installation of SELKS 6.0 from your finished build: SELKS-6.0-nodesktop.iso After installation and the first initialization, everything works, stops working after the update (selks-upgrade_stamus). Resetting the dashboards doesn't help!
If you are on a Chrome - can you pres Ctrl+Shif+j when you reload the kibana page , does it show any erros?
I had the same issue. It seems like the problem of Nginx settings. You can check your browser's console. My situation is the browser can't download js from /31997.
I fix it by adding the setting below to my /etc/nginx/sites-available/selks6.conf
location /31997/ { proxy_pass http://127.0.0.1:5601/31997/; proxy_redirect off; }
Maybe just workaround. Any suggestion?
If you are on a Chrome - can you pres Ctrl+Shif+j when you reload the kibana page , does it show any erros?
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
bootstrap.js:11 ^ A single error about an inline script not firing due to content security policy is expected! /31997/bundles/kbn-ui-shared-deps/[email protected]:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/built_assets/dlls/vendors_runtime.bundle.dll.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/built_assets/dlls/vendors_0.bundle.dll.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/built_assets/dlls/vendors_1.bundle.dll.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 4bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/commons.bundle.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/built_assets/dlls/vendors_3.bundle.dll.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/core/core.entry.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/kibanaUtils/kibanaUtils.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/kibanaReact/kibanaReact.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/built_assets/dlls/vendors_2.bundle.dll.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/data/data.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 6bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/licensing/licensing.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/observability/observability.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/esUiShared/esUiShared.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 3bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/usageCollection/usageCollection.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/telemetry/telemetry.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/kibanaLegacy/kibanaLegacy.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/devTools/devTools.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/uiActions/uiActions.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/statusPage/statusPage.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/share/share.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/newsfeed/newsfeed.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 2bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/indexPatternManagement/indexPatternManagement.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/mapsLegacy/mapsLegacy.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/mapsLegacyLicensing/mapsLegacyLicensing.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/embeddable/embeddable.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/advancedUiActions/advancedUiActions.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/embeddableEnhanced/embeddableEnhanced.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/drilldowns/drilldowns.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/inspector/inspector.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 5bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/bfetch/bfetch.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/expressions/expressions.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/cloud/cloud.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/apm_oss/apm_oss.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/console/console.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/searchprofiler/searchprofiler.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/painlessLab/painlessLab.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/home/home.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 6bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/grokdebugger/grokdebugger.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/upgradeAssistant/upgradeAssistant.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/management/management.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 2bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/licenseManagement/licenseManagement.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/indexManagement/indexManagement.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/reporting/reporting.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 3bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/crossClusterReplication/crossClusterReplication.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/indexLifecycleManagement/indexLifecycleManagement.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/advancedSettings/advancedSettings.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/fileUpload/fileUpload.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/remoteClusters/remoteClusters.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 4bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/dataEnhanced/dataEnhanced.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeTable/visTypeTable.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visualizations/visualizations.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeVega/visTypeVega.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeTimelion/visTypeTimelion.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/telemetryManagementSection/telemetryManagementSection.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 7bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/features/features.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/snapshotRestore/snapshotRestore.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/security/security.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 2bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/ingestPipelines/ingestPipelines.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/canvas/canvas.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/transform/transform.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 3bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/inputControlVis/inputControlVis.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/navigation/navigation.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/graph/graph.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeMarkdown/visTypeMarkdown.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 3bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/maps/maps.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/lens/lens.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 3bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/savedObjects/savedObjects.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/visualize/visualize.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/dashboard/dashboard.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/dashboardEnhanced/dashboardEnhanced.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/discover/discover.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/savedObjectsManagement/savedObjectsManagement.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/spaces/spaces.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/alerting/alerting.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/ml/ml.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/visTypeVislib/visTypeVislib.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/rollup/rollup.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeTimeseries/visTypeTimeseries.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeTagcloud/visTypeTagcloud.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/visTypeMetric/visTypeMetric.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/watcher/watcher.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/charts/charts.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 7bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/triggers_actions_ui/triggers_actions_ui.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/infra/infra.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/monitoring/monitoring.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/logstash/logstash.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/apm/apm.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) /31997/bundles/plugin/siem/siem.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) 5bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27) /31997/bundles/plugin/uptime/uptime.plugin.js:1 Failed to load resource: the server responded with a status of 404 (Not Found) bootstrap.js:27 Uncaught TypeError: Cannot read property 'dataset' of null at HTMLScriptElement.failure (bootstrap.js:27)
That - https://github.com/StamusNetworks/SELKS/issues/238#issuecomment-648704558 is your fix i think. Kibana has new folders and usage adding in and nginx is not aware of that ... I will have a look and come back as well.
I had the same issue. It seems like the problem of Nginx settings. You can check your browser's console. My situation is the browser can't download js from /31997.
I fix it by adding the setting below to my /etc/nginx/sites-available/selks6.conf
location /31997/ { proxy_pass http://127.0.0.1:5601/31997/; proxy_redirect off; }Maybe just workaround. Any suggestion?
After adding to /etc/nginx/sites-available/selks6.conf, it works! Thank you!
Well, but now the FPC url (screenshot) in Kibana selection reports this
ERROR - getUser - user: moloch err: [index_not_found_exception] no such index [users], with { resource.type="index_expression" & resource.id="users" & index_uuid="na" & index="users" } :: {"path":"/users/_doc/moloch","query":{},"statusCode":404,"response":"{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index [users]","resource.type":"index_expression","resource.id":"users","index_uuid":"na","index":"users"}],"type":"index_not_found_exception","reason":"no such index [users]","resource.type":"index_expression","resource.id":"users","index_uuid":"na","index":"users"},"status":404}"}
Well, here is no users_v7 index. Not created. How to re-create this index?
I don't know. But, the completely fresh install SELKS6 have this index and SELKS5 to SELKS6 upgrade don't have this index. Is it here some console script to complete re-create all indexes?
- července 2020 15:23:56 SELČ, Peter Manev [email protected] napsal:
I am not sure to be honest - what is the users_v7 index?
-- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/StamusNetworks/SELKS/issues/238#issuecomment-654855763
-- Odesláno z mého telefonu s Androidem pomocí pošty K-9 Mail. Omluvte prosím moji stručnost.
Not that i know of - but i think this might be the set up for the user by Moloch done during first time setup script. Maybe you can try that - without deleting any data that is?
I tried this script selks-first-time-setup_stamus
And now, I can see the Moloch table with known error Unknown field protocols
I will try to restart the SELKS machine, maybe Moloch will repair his table.
Well, I had to do:
- Restart SELKS
- selks-first-time-setup_stamus
- selks-db-logs-cleanup_stamus
- selks-upgrade_stamus
Now, Moloch seems to be empty (ok, data in RAM cache, yet) but without error page.
It could have been also that there was some migration in process not finished yet.
I think it is the clean db logs script that cleaned up all data - maybe skip that next time.
After upgrading Kibana to 7.9.2 you need add the new block to Nginx with new port
location /33984/ {
proxy_pass http://127.0.0.1:5601/33912/;
proxy_redirect off;
}
I have updated the docs here - https://github.com/StamusNetworks/SELKS/wiki/Kibana-did-not-load-properly
Thank you !
After upgrade Kibana to 7.10.1 need to add new block to nginx config, as before -
location /36063/ {
proxy_pass http://127.0.0.1:5601/36036/;
proxy_redirect off;
}
Updated the docs - https://github.com/StamusNetworks/SELKS/wiki/Kibana-did-not-load-properly Thanks! Will also include it in the next upgrade.