StamusNetworks
Problem with viewing Alerts on Scirius page
stamus.error.log shows multiple entries line this
connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.101, server: selks, request: "GET /rules/info?query=memory HTTP/1.1", upstream: "fastcgi://[::1]:8080", host: "selks.foo.bar", referrer: "https://selks.foo.bar/rules/ruleset/"
Tried on two OSX systems (el capitan and snow leopard)
ElasticSearch/Kibana pages (ones with maps etc) work ok.
Access to Scirus page is https://selks.foo.bar
If you go to scirius -> suricata -> edit and change the first field NAME to match your hostname -would that help?
Hi Its was set to selks.foo.bar prior to me raising an issue.
Is it supposed to be a fqdn?
Good morning,
Same issue seen by me. You do probably runs elastic 5.x where .raw has been changed to .keyword. This obligated you to change local_settings.py or settings.py with:
from ELASTICSEARCH_KEYWORD = "raw"
to ELASTICSEARCH_KEYWORD = "keyword"
@snaki4 - did that change fix the issue for you on Elasticsearch 5?
-- Regards, Peter Manev
On 17 Jan 2017, at 04:21, snaki4 [email protected] wrote:
Good morning,
Same issue seen by me. I have changed hostname under web interface, checked that that hostname populated in the elasticsearch database, but stats aren't being showed up on the dashboard :(
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
I can confirm that setting ELASTICSEARCH_KEYWORD = "keyword" made it work for me with Elasticsearch 5.
Can someone put this thread somewhere more visible. I had the same exact issue and indeed the solution of changing the name under suricata on scirius fixed the issue
