Security Onion 1.4.1 and Elastic basic license


mario...@gmail.com

Jul 19, 2020, 3:47:37 PM
to security-onion
Hi !

Is it possible to use Elastic basic license features like SIEM with Security Onion 1.4.1 Hybrid Hunter?

Thanks

Wes Lambert

Jul 20, 2020, 8:10:18 AM
to securit...@googlegroups.com
I know there was an issue with the Features images at some point, so let me check on that -- you should, however, be able to switch to them to use the basic license once that issue has been resolved.

Thanks,
Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/security-onion/275bdfed-b7a2-424c-8052-0f6080e28443n%40googlegroups.com.

Wes Lambert

Jul 20, 2020, 11:02:21 AM
to securit...@googlegroups.com
Update: This will be fixed in the next release, RC1.

Thanks,
Wes

Chris Morgret

Sep 8, 2020, 3:21:19 PM
to securit...@googlegroups.com
Hi Raimundo, 

To switch to Elastic Features, run "so-features-enable". I tested on a standalone and it did work.

Thanks,

Chris

On Mon, Sep 7, 2020 at 12:52 PM Raimundo Jimenez <rjim...@comunicaciones.es> wrote:

Hi Wes,

Could you confirm if it is already fixed in RC2? If so, do you have any information on how to activate it?

Thanks a lot in advance!

Raimundo

Raimundo Jimenez

Sep 8, 2020, 4:34:11 PM
to security-onion

Hi Chris,

Thank you very much!

Best regards,

Raimundo

Raimundo Jimenez

Sep 9, 2020, 7:04:19 AM
to security-onion

Hi Chris,

It seems it is not working correctly on an 'Eval' installation. Tried twice on two different machines, one of them with a fresh installation, but with the same result...

# docker logs so-elasticsearch
Importing PKCS12 keypair into Java keystore
Importing keystore /usr/share/elasticsearch/config/elasticsearch.p12 to /usr/share/elasticsearch/config/sokeys...
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
uncaught exception in thread [main]
java.lang.IllegalArgumentException: Cannot have additional setting [transport.type] in plugin [SoTls], already added in plugin [x-pack-security]
    at org.elasticsearch.plugins.PluginsService.updatedSettings(PluginsService.java:216)
    at org.elasticsearch.node.Node.<init>(Node.java:318)
    at org.elasticsearch.node.Node.<init>(Node.java:266)
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
    at org.elasticsearch.cli.Command.main(Command.java:90)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
For complete error details, refer to the log at /var/log/elasticsearch/securityonioneval.log
Checking Docker status

    Docker ------------------------- [ OK ]   

Checking container statuses

    so-cortex ---------------------- [ OK ]   
    so-curator --------------------- [ OK ]   
    so-dockerregistry -------------- [ OK ]   
    so-elastalert --------------- [ ERROR ]   
    so-elasticsearch ------------ [ ERROR ]   
    so-filebeat -------------------- [ OK ]   
    so-fleet ----------------------- [ OK ]   
    so-grafana --------------------- [ OK ]   
    so-idstools -------------------- [ OK ]   
    so-influxdb -------------------- [ OK ]   
    so-kibana ---------------------- [ OK ]   
    so-kratos ---------------------- [ OK ]   
    so-mysql ----------------------- [ OK ]   
    so-nginx ----------------------- [ OK ]   
    so-playbook -------------------- [ OK ]   
    so-redis ----------------------- [ OK ]   
    so-sensoroni ------------------- [ OK ]  
I will try however in a Standalone installation.

Best regards,

Raimundo
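As an added example (not Security Onion code, and not posted by anyone in this thread) of turning the two outputs above into a check a practitioner could run before and after `so-features-enable`: a POSIX sh script that pulls the clashing setting and the two plugin names out of the `so-elasticsearch` log and lists every container the status listing reports as ERROR. The sample log and status lines embedded in it are constructed from the thread's own output; the function names, the triage return codes, and the assumption that the status rows keep the `so-<name> ---- [ STATE ]` layout shown above are this example's own.

```shell
#!/bin/sh
# Added example, not Security Onion code and not from any poster in this
# thread: triage helpers for the so-features-enable failure shown above.
# The sample texts below are constructed from the thread's own output; on a
# real node you would feed `docker logs so-elasticsearch 2>&1` and the
# container status listing instead.

# Constructed sample: the relevant lines of `docker logs so-elasticsearch`.
SAMPLE_ES_LOG='Importing PKCS12 keypair into Java keystore
Entry for alias 1 successfully imported.
uncaught exception in thread [main]
java.lang.IllegalArgumentException: Cannot have additional setting [transport.type] in plugin [SoTls], already added in plugin [x-pack-security]
    at org.elasticsearch.plugins.PluginsService.updatedSettings(PluginsService.java:216)'

# Constructed sample: container status rows in the layout shown above.
SAMPLE_STATUS='Checking container statuses

    so-cortex ---------------------- [ OK ]
    so-elastalert --------------- [ ERROR ]
    so-elasticsearch ------------ [ ERROR ]
    so-filebeat -------------------- [ OK ]'

# es_setting_conflict: read an Elasticsearch log on stdin and print
# "<setting> <plugin-a> <plugin-b>" for the first "Cannot have additional
# setting" line. Exits 1 when the log contains no such line.
es_setting_conflict() {
    sed -n 's/.*Cannot have additional setting \[\([^]]*\)] in plugin \[\([^]]*\)], already added in plugin \[\([^]]*\)].*/\1 \2 \3/p' \
        | head -n 1 | grep .
}

# failed_containers: read status rows on stdin and print one container name
# per line for every row marked [ ERROR ].
failed_containers() {
    sed -n 's/^[[:space:]]*\(so-[a-z0-9-]*\) -*[[:space:]]*\[ ERROR ].*/\1/p'
}

# triage: $1 is the Elasticsearch log text, $2 the status-row text.
# Returns 2 when two plugins register the same setting (the failure in this
# thread), 1 when containers are in ERROR for some other reason, 0 otherwise.
triage() {
    es_log=$1
    status=$2
    failed=$(printf '%s\n' "$status" | failed_containers | tr '\n' ' ' | sed 's/ *$//')
    if conflict=$(printf '%s\n' "$es_log" | es_setting_conflict); then
        set -- $conflict
        echo "so-elasticsearch: setting [$1] is registered by both plugin [$2] and plugin [$3]"
        echo "containers in ERROR: ${failed:-none}"
        return 2
    fi
    if [ -n "$failed" ]; then
        echo "containers in ERROR: $failed (no plugin conflict in the Elasticsearch log)"
        return 1
    fi
    echo "no failures found"
    return 0
}

# Stand-alone run against the constructed samples; prints the non-zero
# triage status instead of letting it become the script's exit code.
triage "$SAMPLE_ES_LOG" "$SAMPLE_STATUS" || echo "triage exit status: $?"
```

On a node, replace the embedded samples with the live `docker logs so-elasticsearch 2>&1` output and the status listing; exit status 2 separates the plugin-setting clash reported in this thread from an unrelated container failure, which is the distinction you want before deciding whether to roll the images back.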

Raimundo Jimenez

Sep 9, 2020, 8:52:14 AM
to security-onion

Yep, so-features-enable failed in the same way in a Standalone server :'(

Chris Morgret

Sep 9, 2020, 10:18:39 PM
to securit...@googlegroups.com
Raimundo,

I checked my standalone test and it was actually done on 2.0.3, not 2.1. I was able to replicate and the issue is now being tracked via https://github.com/Security-Onion-Solutions/securityonion/issues/1306

Thanks for reporting this.

Chris

Raimundo Jiménez

Sep 10, 2020, 8:59:23 AM
to securit...@googlegroups.com

Thanks goes to you, Chris, for your feedback and support!

Would you know any workaround for this issue? Is it a matter of substituting the container?

Best regards,

Raimundo

Doug Burks

Sep 10, 2020, 3:34:40 PM
to securit...@googlegroups.com
Issue 1306 should be resolved in RC3 which is coming soon!
--
Doug Burks
Founder and CEO
Security Onion Solutions, LLC

Raimundo Jiménez

Sep 11, 2020, 5:26:29 AM
to securit...@googlegroups.com

Thank you very much, Doug! Looking forward to seeing RC3 out :-)

However, I am still interested in debugging as a way to know a little bit more of the internal architecture... :-)

My best wishes, and congratulations to all the team for the good work.

Raimundo