New Security Onion Install

Ben Lincoln

May 20, 2016, 4:45:32 PM
to security-onion
I have recently installed the latest version of Security Onion and ran through the setup guide. Prior to running the Security Onion setup, I had network access. After the system restarts, I lose my network connection and haven't been able to get it back online. I've tried setting the IP to DHCP and statically, but still no connection. Any ideas to get this fixed?


Thanks
Ben

Doug Burks

May 20, 2016, 4:48:49 PM
to securit...@googlegroups.com
Hi Ben,

Is this a wired or wireless connection? The vast majority of sensors
are using wired connections, so we don't support wireless.

--
Doug Burks

Ben Lincoln

May 20, 2016, 5:07:49 PM
to security-onion

This is a wired connection, no wireless is on this box.

Doug Burks

May 20, 2016, 5:09:56 PM
to securit...@googlegroups.com
Please run the following command:

sudo sostat-redacted

There will be a lot of output, so you may need to increase your
terminal's scroll buffer OR redirect the output of the command to a
file:

sudo sostat-redacted > sostat-redacted.txt 2>&1

sostat-redacted will automatically redact any IPv4/IPv6/MAC addresses,
but there may be additional sensitive info that you still need to
redact manually.

Attach the output to your email in plain text format (.txt) OR use a
service like http://pastebin.com.

Ben Lincoln

May 20, 2016, 6:14:27 PM
to security-onion
I've posted the file on pastebin, in the link below.
http://pastebin.com/N7tWqKUG

Doug Burks

May 21, 2016, 4:30:07 AM
to securit...@googlegroups.com
Looking at your sostat output, the Link Statistics section shows all
ethernet interfaces as "state DOWN" and 0 packets sent/received so
it's almost as if somebody disconnected the cables. I assume this
isn't actually the case, so we'll need more information:

- what kind of machine is this?

- what kind of NIC(s)?

- what kind of switches/taps are they connected to?

Ben Lincoln

May 23, 2016, 6:52:23 PM
to security-onion
Hello,
This is a Cisco UCS C220 M4.
NIC cards are Intel Ethernet I350 Gigabit rev01.
Connected to a Cisco Catalyst 6800ia switch.


Doug Burks

May 24, 2016, 7:25:00 AM
to securit...@googlegroups.com
I'm not aware of any issues with that hardware.

You could try comparing the output of the following command before and
after running Setup:
ip -s -s link

You might also try manually configuring /etc/network/interfaces:
https://github.com/Security-Onion-Solutions/security-onion/wiki/NetworkConfiguration
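
One way to do the before/after comparison of `ip -s -s link` suggested above, as an added example that is not part of the thread or of Security Onion. The function names, the capture file arguments and the single-interface sample capture are assumptions constructed for illustration; the script also separates an administratively down interface from one that is up but has no carrier, which goes slightly beyond the reply.

```shell
# Print one line per interface from `ip -s -s link` output (file argument or stdin).
summarize_links() {
    awk '
    /^[0-9]+: / {
        name = $2; sub(/[:@].*/, "", name); state = "?"
        for (i = 4; i < NF; i++) if ($i == "state") state = $(i + 1)
        # UP inside <...> is the administrative state; LOWER_UP means carrier is present.
        admin = ($3 ~ /[<,]UP[,>]/) ? "admin-up" : "admin-down"
        carrier = ($3 ~ /LOWER_UP/) ? "carrier" : "no-carrier"
    }
    /^ +RX: / { want = "rx"; next }
    /^ +TX: / { want = "tx"; next }
    want == "rx" { rx = $2; want = ""; next }
    want == "tx" { print name, state, admin, carrier, "rx=" rx, "tx=" $2; want = "" }
    ' "$@"
}

# Report interfaces whose state, admin flag or carrier differs between two captures.
changed_links() {
    tmp=$(mktemp -d)
    summarize_links "$1" > "$tmp/before"; summarize_links "$2" > "$tmp/after"
    awk 'NR == FNR { old[$1] = $2 " " $3 " " $4; next }
         { cur = $2 " " $3 " " $4; if (old[$1] != cur) print $1 ": " old[$1] " -> " cur }' \
        "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

# Constructed capture (not from the thread): sample FLAGS STATE BYTES PACKETS
sample() {
    cat <<EOF
2: eth0: <$1> mtu 1500 qdisc mq state $2 mode DEFAULT group default qlen 1000
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    $3         $4       0       0       0       0
    RX errors: length   crc     frame   fifo    missed
               0        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    $3         $4       0       0       0       0
    TX errors: aborted  fifo   window heartbeat
               0        0       0       0
EOF
}

# With two capture files as arguments, compare them; with none, summarize the sample.
if [ "$#" -eq 2 ]; then
    changed_links "$1" "$2"
else
    sample "BROADCAST,MULTICAST,UP,LOWER_UP" UP 150000 1500 | summarize_links
    sample "NO-CARRIER,BROADCAST,MULTICAST,UP" DOWN 0 0 | summarize_links
fi
```

Save `ip -s -s link` to one file before running Setup and to another after the reboot, then pass both files to the script. A change to `admin-down` points toward interface configuration, while `admin-up no-carrier` points toward the cable, switch port or link negotiation.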