Squil is unable to start

175 views
Skip to first unread message

Blason R

unread,
Aug 6, 2018, 1:33:57 AM8/6/18
to security-onion
Hi Team,

I am unable to start squil and here is sostat. Can someone please help?

=========================================================================
Sguil Uncategorized Events
=========================================================================
ERROR 1168 (HY000) at line 1: Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist

=========================================================================
Sguil events summary for yesterday
=========================================================================
ERROR 1168 (HY000) at line 1: Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist
ERROR 1168 (HY000) at line 1: Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist

=========================================================================
Top 50 All time Sguil Events
=========================================================================
ERROR 1168 (HY000) at line 1: Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist
ERROR 1168 (HY000) at line 1: Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist

=========================================================================
Last update
=========================================================================

Blason R

unread,
Aug 6, 2018, 1:39:55 AM8/6/18
to security-onion

Here is the error message


ERROR: You appear to be using an old version of the
sguil database schema that does not support the MERGE tables
Please use the migrate_event.tcl script and see the CHANGES
document for more information

. Table event returned status => event {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist}

Doug Burks

unread,
Aug 6, 2018, 12:00:32 PM8/6/18
to securit...@googlegroups.com
Hi Blason,

This may be related to the recent MySQL issue:

That blog post links to a workaround:

Have you tried the workaround?

Alternatively, we just released a new ISO image which avoids the MySQL issue altogether:



--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.



--
Doug Burks
CEO
Security Onion Solutions, LLC

Blason R

unread,
Aug 6, 2018, 1:28:10 PM8/6/18
to security-onion
So upgrading should resolve the issue right?

No I have not tried the workaround but let me give a try.

Thanks for the


To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.



--
Doug Burks
CEO
Security Onion Solutions, LLC

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/THUqZJQG3do/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.

Blason R

unread,
Aug 6, 2018, 1:44:27 PM8/6/18
to security-onion
Well I am upgrading and lets see if that resolves the issue as I am seeing the below error while soup is running


Repairing tables
securityonion_db.event
Error    : Table 'securityonion_db.event_persian-eno2-10_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-11_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-12_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-1_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-2_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-3_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-4_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Table 'securityonion_db.event_persian-eno2-5_20180721' is differently defined or of non-MyISAM type or doesn't exist
Error    : Unable to open underlying table which is differently defined or of non-MyISAM type or doesn't exist
error    : Corrupt
Upgrade process completed successfully.
Checking if update is needed.

Blason R

unread,
Aug 6, 2018, 1:53:55 PM8/6/18
to security-onion
Hi Doug,

Well upgrade didnt resolve the issue. I am seeing for workaround now!

Steven J

unread,
Aug 6, 2018, 2:04:09 PM8/6/18
to securit...@googlegroups.com

Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2

> To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
>
> To post to this group, send email to security-onion@googlegroups.com.

>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
> --
>
> Doug Burks
> CEO
> Security Onion Solutions, LLC
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/THUqZJQG3do/unsubscribe.
>
> To unsubscribe from this group and all its topics, send an email to security-onion+unsubscribe@googlegroups.com.
>
> To post to this group, send email to security-onion@googlegroups.com.

>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
Hi Doug,

Well upgrade didnt resolve the issue. I am seeing for workaround now!
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.

Blason R

unread,
Aug 6, 2018, 2:12:34 PM8/6/18
to security-onion
On Monday, August 6, 2018 at 11:34:09 PM UTC+5:30, Steven J wrote:
> Would this still be relevant? 
> https://groups.google.com/forum/#!topic/security-onion/deLDT0kuYNk
>
>
>
>
>
>
>
>
>
>
>
>
> Steven Malm
> Roc-Analyst I
> Lyrical Security
> 174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
> 1-855-561-4604 ext. 55
> mobile: (705) 440-3339
> e-mail: sjm...@lyricalsecurity.com
> > To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
>
> >
>
> > To post to this group, send email to securit...@googlegroups.com.
>
> >
>
> > Visit this group at https://groups.google.com/group/security-onion.
>
> >
>
> > For more options, visit https://groups.google.com/d/optout.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> >
>
> > Doug Burks
>
> > CEO
>
> > Security Onion Solutions, LLC
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> >
>
> > Follow Security Onion on Twitter!
>
> >
>
> > https://twitter.com/securityonion
>
> >
>
> > ---
>
> >
>
> > You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> >
>
> > To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/THUqZJQG3do/unsubscribe.
>
> >
>
> > To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
>
> >
>
> > To post to this group, send email to securit...@googlegroups.com.
>
> >
>
> > Visit this group at https://groups.google.com/group/security-onion.
>
> >
>
> > For more options, visit https://groups.google.com/d/optout.
>
> Hi Doug,
>
>
>
> Well upgrade didnt resolve the issue. I am seeing for workaround now!
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to the Google Groups "security-onion" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
>
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.

Let me see!!

Blason R

unread,
Aug 6, 2018, 2:26:18 PM8/6/18
to security-onion
Oh wow that seems to have done the trick!! Thanks man for your timely help.
Reply all
Reply to author
Forward
0 new messages