This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Help
weslambert edited this page Jun 8, 2016 · 14 revisions
- Are you running the latest version of Security Onion?
- Check the FAQ.
- Search the Security Onion Mailing Lists.
- Search the documentation and mailing lists of the tools contained within Security Onion (see the Tools page).
- Run sostat for some diagnostics:
sudo sostat | less
- If any of the NSM processes show up as failed, try restarting them:
sudo service nsm restart
- Check log files in /var/log/nsm/ or other locations for any errors or possible clues:
  - Setup: /var/log/nsm/sosetup.log
  - Daily Log / PCAPs: /nsm/sensor_data/{ HOSTNAME-INTERFACE }/dailylogs
  - sguil: /var/log/nsm/securityonion/sguild.log
  - Suricata: /var/log/nsm/{ HOSTNAME-INTERFACE }/suricata.log
  - barnyard2: /var/log/nsm/{ HOSTNAME-INTERFACE }/barnyard2.log
  - netsniff-ng: /var/log/nsm/{ HOSTNAME-INTERFACE }/netsniff-ng.log
  - ELSA: /nsm/elsa/data/elsa/log/node.log
  - Bro: /nsm/bro/logs/current
  - snort_agent: /var/log/nsm/{ HOSTNAME-INTERFACE }/snort_agent.log
  - argus: /var/log/nsm/{ HOSTNAME-INTERFACE }/argus.log
  - http_agent: /var/log/nsm/{ HOSTNAME-INTERFACE }/http_agent.log
  - pads_agent: /var/log/nsm/{ HOSTNAME-INTERFACE }/pads_agent.log
  - prads_agent: /var/log/nsm/{ HOSTNAME-INTERFACE }/prads.log
  - sancp_agent: /var/log/nsm/{ HOSTNAME-INTERFACE }/sancp_agent.log
- If this is a sensor sending alerts to the master server, is autossh running?
pgrep -lf autossh
- Having trouble with MySQL? Check all databases to see if any tables are marked as crashed or corrupt.
sudo mysqlcheck -A
- Check specific MySQL databases by running something similar to the following:
sudo mysqlcheck -c securityonion_db
- Please note: Snorby has been removed in the new Security Onion 14.04, but this note is left here for legacy documentation purposes. If you're having problems with Snorby, check the log files in /opt/snorby/log/ and /var/log/apache2/ and see if its processes are running:
pgrep -lf delayed_job
- Are you able to duplicate the problem on a fresh Security Onion installation?
- Check the Roadmap to see if this is a known issue that we are working on.
- If all else fails, please send an email to our security-onion mailing list.
- Need training or commercial support? http://www.securityonionsolutions.com
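As an added example (not part of the Security Onion wiki or the project's own tooling), the per-sensor log check from the list above as a single POSIX shell function: it sweeps the /var/log/nsm log files named on this page for error-like lines and reports which ones need a closer look. The root directory argument, the NSM_LOG_ROOT override and the error pattern are assumptions for illustration.

```shell
#!/bin/sh
# Scan the Security Onion NSM log files listed on the Help page for
# error-like lines. Assumes the 14.04 layout:
#   /var/log/nsm/sosetup.log, /var/log/nsm/securityonion/sguild.log and
#   /var/log/nsm/<HOSTNAME-INTERFACE>/<tool>.log
# NSM_LOG_ROOT (assumed name) lets you point it at a copy of the logs.
NSM_LOG_ROOT="${NSM_LOG_ROOT:-/var/log/nsm}"

# Assumed, deliberately broad pattern; tune it to the noise in your logs.
ERR_PATTERN='error|fail|fatal|cannot|could not'

# scan_nsm_logs ROOT
# Prints "<path><TAB><matching line count>" for every listed log under ROOT
# that contains at least one error-like line.
# Returns 0 when all logs look clean, 1 when something was flagged.
scan_nsm_logs() {
    root="$1"
    found=0
    for f in "$root"/sosetup.log "$root"/securityonion/sguild.log \
             "$root"/*/suricata.log "$root"/*/barnyard2.log \
             "$root"/*/netsniff-ng.log "$root"/*/snort_agent.log \
             "$root"/*/argus.log "$root"/*/http_agent.log \
             "$root"/*/pads_agent.log "$root"/*/prads.log \
             "$root"/*/sancp_agent.log; do
        # Skip logs that do not exist (including unexpanded globs).
        [ -f "$f" ] || continue
        # grep -c prints 0 and exits 1 on no match; "|| true" keeps the
        # count and stops a caller's "set -e" from aborting the sweep.
        n=$(grep -ciE "$ERR_PATTERN" "$f" || true)
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$f" "$n"
            found=1
        fi
    done
    return $found
}

# Stand-alone use: sweep the live log tree and exit non-zero if anything
# was flagged, so it can sit in a cron job or a sostat follow-up.
if [ "${SCAN_NSM_LOGS_MAIN:-1}" = 1 ]; then
    if scan_nsm_logs "$NSM_LOG_ROOT"; then
        echo "no error-like lines found under $NSM_LOG_ROOT"
    fi
fi
```

Flagged files are the ones to open first; the dailylogs, ELSA and Bro locations from the list are directories rather than single log files, so they are left to a manual look.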