
Moloch molochpcapread couldn't stat oui file

Open b4b857f6ee opened this issue 3 years ago • 14 comments

Hello,

Fresh install, first setup and upgrade. I fixed an nginx problem with Kibana with some issue here, just modifying the nginx configuration :).

I configured option 2 FPC. I don't have internet on the system.

And molochpcapread did not work, I guess because of the lack of internet access? Any idea :)?

image

image

b4b857f6ee avatar Nov 04 '21 12:11 b4b857f6ee

It is opening, so it seems there is just no data?

pevma avatar Nov 04 '21 15:11 pevma

It is opening, so it seems there is just no data?

Yes, and the service is not started... I don't understand why... I got data on Scirius, on EveBox, on Kibana... but why not in Moloch... :/

b4b857f6ee avatar Nov 04 '21 15:11 b4b857f6ee

The Moloch service starts with a delay on purpose, as it depends on ES. You can always restart it. FYI: https://github.com/StamusNetworks/SELKS/wiki/Services-status-check. Otherwise, look for the error message in the log file (the service shows it).

pevma avatar Nov 04 '21 15:11 pevma

The Moloch service starts with a delay on purpose, as it depends on ES. You can always restart it. FYI: https://github.com/StamusNetworks/SELKS/wiki/Services-status-check. Otherwise, look for the error message in the log file (the service shows it).

I already showed it here

image

b4b857f6ee avatar Nov 04 '21 15:11 b4b857f6ee

image

And the log

image

b4b857f6ee avatar Nov 04 '21 15:11 b4b857f6ee

I think the first-time setup maybe did not finish properly. I think it may be due to the fact you had no internet connection for the setup?

pevma avatar Nov 04 '21 19:11 pevma

I think the first-time setup maybe did not finish properly. I think it may be due to the fact you had no internet connection for the setup?

I had it, but I did it one more time without it, yes. Do I really need it?

b4b857f6ee avatar Nov 05 '21 08:11 b4b857f6ee

I think the first-time setup maybe did not finish properly. I think it may be due to the fact you had no internet connection for the setup?

I've just done it with internet. No error. I got everything running this time. I got pcap in /data/moloch/raw but still, nothing on the Moloch interface x'D

In /data/moloch/etc/config.ini I got this, so I guess the starting script didn't change the listening interface I have chosen?

image

b4b857f6ee avatar Nov 05 '21 11:11 b4b857f6ee

I changed it to my Suricata interface. I got 5 packets on Moloch and... nothing more ^^. Even if the pcap grows.

image

b4b857f6ee avatar Nov 05 '21 11:11 b4b857f6ee

OK, I restarted. I can see everything but I can't see the latest. Nothing after 12h50, and it's now 13h02. Strange, no?

image

b4b857f6ee avatar Nov 05 '21 12:11 b4b857f6ee

I got this in capture.log

image

b4b857f6ee avatar Nov 05 '21 12:11 b4b857f6ee

OK, I think I have a delta of 30 min before having the log in Moloch, normal?

b4b857f6ee avatar Nov 05 '21 14:11 b4b857f6ee

Hi, I need your help. I have the same problem! I have set up Arkime using internet, but it's always the same problem.

nour1509 avatar Dec 30 '23 19:12 nour1509

Did you try selecting a different time span?

pevma avatar Dec 31 '23 12:12 pevma