Snorby severity not counting
664 views
Skip to first unread message
Nico Restu Pratama
Jun 3, 2014, 2:36:09 AM6/3/14
to securit...@googlegroups.com
Hi guys,
I was configuring SO Last night(06/02/2014, Id GMT+7) and today i figured so many alert in snorby event tab. I can see snort alert in squert, elsa, and sguil also.
But the severity on snorby main dashboard do not counting.
Anyone experienced this before?
Cheers,
NicoR
Heine Lysemose
Jun 3, 2014, 6:44:54 AM6/3/14
to securit...@googlegroups.com
Hi
What if you do a cache update from the "More Options" menu?
It look like the dashboard hasn't been updated since 06/03/14 01:00 PM UTC (that might be okay in your timezone)
regards,
Lysemose
--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Doug Burks
Jun 3, 2014, 8:03:22 AM6/3/14
to securit...@googlegroups.com
On Tue, Jun 3, 2014 at 7:44 AM, Nico Restu Pratama
<nico.r....@gmail.com> wrote:
> Thanks for your attention.
> I already hit the "More Options" button but the severities on dashboard still not counting. Meanwhile the event keep increasing.
Just clicking "More Options" by itself won't do anything.
<nico.r....@gmail.com> wrote:
> Thanks for your attention.
> I already hit the "More Options" button but the severities on dashboard still not counting. Meanwhile the event keep increasing.
Please do the following:
- click "More Options"
- click "Force Cache Update"
- Dashboard will display "Current caching"
- once that disappears, then refresh the Dashboard page
If that still doesn't help, please try rebooting.
Nico Restu Pratama
Jun 3, 2014, 8:30:49 AM6/3/14
to securit...@googlegroups.com
Hi Burks,
Sorry i meant i clicked "Force Cache Update" too. After that i refresh the dashboard also and severities still not counting.
Sorry i meant i clicked "Force Cache Update" too. After that i refresh the dashboard also and severities still not counting.
I just rebooting and the snorby severities still zero.
Is it any .conf file can i checked related to severities counting in snorby?
Doug Burks
Jun 3, 2014, 8:41:43 AM6/3/14
to securit...@googlegroups.com
Press Ctrl-3 to go to the "Worker & Job Queue" page. Please send a
screenshot of that page. Also click on the buttons in the Handler
column and check for errors in each of the handlers.
On Tue, Jun 3, 2014 at 8:30 AM, Nico Restu Pratama
Doug Burks
screenshot of that page. Also click on the buttons in the Handler
column and check for errors in each of the handlers.
On Tue, Jun 3, 2014 at 8:30 AM, Nico Restu Pratama
<nico.r....@gmail.com> wrote:
> Hi Burks,
> Sorry i meant i clicked "Force Cache Update" too. After that i refresh the dashboard also and severities still not counting.
>
> I just rebooting and the snorby severities still zero.
>
> Is it any .conf file can i checked related to severities counting in snorby?
>
>
> On Tuesday, June 3, 2014 7:03:22 PM UTC+7, Doug Burks wrote:
>> On Tue, Jun 3, 2014 at 7:44 AM, Nico Restu Pratama
>>
>> <nico.r....@gmail.com> wrote:
>>
>> > Thanks for your attention.
>>
>> > I already hit the "More Options" button but the severities on dashboard still not counting. Meanwhile the event keep increasing.
>>
>>
>>
>> Just clicking "More Options" by itself won't do anything.
>>
>>
>>
>> Please do the following:
>>
>> - click "More Options"
>>
>> - click "Force Cache Update"
>>
>> - Dashboard will display "Current caching"
>>
>> - once that disappears, then refresh the Dashboard page
>>
>>
>>
>> If that still doesn't help, please try rebooting.
>
> Hi Burks,
> Sorry i meant i clicked "Force Cache Update" too. After that i refresh the dashboard also and severities still not counting.
>
> I just rebooting and the snorby severities still zero.
>
> Is it any .conf file can i checked related to severities counting in snorby?
>
>
> On Tuesday, June 3, 2014 7:03:22 PM UTC+7, Doug Burks wrote:
>> On Tue, Jun 3, 2014 at 7:44 AM, Nico Restu Pratama
>>
>> <nico.r....@gmail.com> wrote:
>>
>> > Thanks for your attention.
>>
>> > I already hit the "More Options" button but the severities on dashboard still not counting. Meanwhile the event keep increasing.
>>
>>
>>
>> Just clicking "More Options" by itself won't do anything.
>>
>>
>>
>> Please do the following:
>>
>> - click "More Options"
>>
>> - click "Force Cache Update"
>>
>> - Dashboard will display "Current caching"
>>
>> - once that disappears, then refresh the Dashboard page
>>
>>
>>
>> If that still doesn't help, please try rebooting.
>
> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.
--
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.
Doug Burks
Nico Restu Pratama
Jun 3, 2014, 9:13:33 AM6/3/14
to securit...@googlegroups.com
I attaching worker&jobqueue screenshot. The status looks green OK.
But when i tried to clicked upper handler it seems like showing error message. And the second handler was showing error message too "Error:Internal server error". Capture attached
--
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/KZQLxhHXaqA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
Doug Burks
Jun 3, 2014, 9:17:32 AM6/3/14
to securit...@googlegroups.com
Please check the log files in /opt/snorby/log/ for additional clues.
On Tue, Jun 3, 2014 at 9:05 AM, Nico Restu Pratama
On Tue, Jun 3, 2014 at 9:05 AM, Nico Restu Pratama
Nico Restu Pratama
Jun 3, 2014, 10:45:26 AM6/3/14
to securit...@googlegroups.com
Hi...
Fixed already....
I found this is one of snorby bug https://github.com/Snorby/snorby/issues/340
and i follow the instruction to solve :
mysql -u root -p
use snorby;
truncate table caches;
exit
Remove the 2 worker jobs (use the little trash can icon next to each worker job to remove the job). Then add the new job.
Now the dashboard counting :D. Thanks All...
Cheers...
Doug Burks
Jun 4, 2014, 7:44:34 AM6/4/14
to securit...@googlegroups.com
Added to FAQ:
https://code.google.com/p/security-onion/wiki/FAQ#Why_does_the_Snorby_dashboard_show_all_zeroes?
On Tue, Jun 3, 2014 at 10:45 AM, Nico Restu Pratama
https://code.google.com/p/security-onion/wiki/FAQ#Why_does_the_Snorby_dashboard_show_all_zeroes?
On Tue, Jun 3, 2014 at 10:45 AM, Nico Restu Pratama
Reply all
Reply to author
Forward
0 new messages