Empty Squert chromium Dashboard


Motaz Qaroush

Apr 24, 2016, 2:16:18 AM
to security-onion
Hello to all,
I installed Security Onion on Wed 20/4/2016...
Now I open Squert in the browser (Chromium)... I find an empty dashboard... there are no records...
Please help.
Thx

Motaz Qaroush

Apr 24, 2016, 4:23:53 AM
to securit...@googlegroups.com
The output is attached.



sostatRedacted24.txt

Wes

Apr 24, 2016, 7:53:02 AM
to security-onion
Motaz,

Are you running Security Onion 12.04 or 14.04? If 12.04 I would recommend upgrading soon, as stable updates for 12.04 are no longer available.

I see these services are enabled:

* prads (sessions/assets)[ OK ]
* sancp_agent (SO-user)[ OK ]
* pads_agent (SO-user)[ OK ]
* argus[ OK ]
* http_agent (SO-user)[ OK ]

Since you are already running Bro/ELSA, many of these services duplicate effort and/or utilization of resources. It would probably be best to disable these services per Best Practices:

https://github.com/Security-Onion-Solutions/security-onion/wiki/Best-Practices

Could it be that the events are already categorized? Do you see any events in the left-hand panel, near the bottom? Could you attach a screenshot?

Thanks,
Wes

Motaz Qaroush

Apr 24, 2016, 8:04:10 AM
to securit...@googlegroups.com
Here is the screenshot:
ids12.jpg

Wes Lambert

Apr 24, 2016, 8:09:36 AM
to securit...@googlegroups.com

Have you tried clicking "No result. If this is unexpected, try this."?

What is the result of navigating to the other pages?

Have you tried logging onto Sguil to see if you can view events there?

Again, I would recommend disabling the other services I mentioned.

Thanks,
Wes


Motaz Qaroush

Apr 24, 2016, 8:28:08 AM
to securit...@googlegroups.com
Forget that.
Also, I installed 14.04...
The source and destination appear as 0.0.0.0.
I changed HOME_NET in /etc/nsm/$/snort.conf
and home_net in the file /etc/nsm/$/prads.conf
and /opt/bro/etc/networks.cfg.
The Squert dashboard contains just 2 IPs.
Can you help me?

Motaz Qaroush

Apr 24, 2016, 8:29:43 AM
to securit...@googlegroups.com
Screenshot

ids14.jpg

Motaz Qaroush

Apr 24, 2016, 8:34:43 AM
to securit...@googlegroups.com
sostat-redacted24.txt

Wes

Apr 24, 2016, 8:42:13 AM
to security-onion
It looks like you have many packages to update:

=========================================================================
Available updates
=========================================================================
77 packages can be updated.
54 updates are security updates.

Run 'sudo soup' to install the latest updates.

I would recommend updating as soon as possible, as well as setting your timezone appropriately:

=========================================================================
Time Zone
=========================================================================
WARNING! Timezone is NOT set to UTC!
Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TimeZones

As far as snort.conf, I'm not sure how you configured it, so it is difficult to assist.

You could try setting HOME_NET to a larger range to see if you get alerts for other addresses, then tune it as you see fit.

There are some Snort example files here:
https://www.snort.org/configurations

If your original issue is resolved, it would be best if you posted other issues in a separate thread.

Thanks,
Wes

Motaz Qaroush

Apr 24, 2016, 8:47:06 AM
to securit...@googlegroups.com
I will check that and I will tell you.

Tom N

Feb 28, 2017, 5:36:41 AM
to security-onion
Any luck with this?

I have a new installation, and yesterday the Squert web interface was working well (from a remote computer). Today I log in and see no data; however, when I run the Squert web interface from the Security Onion server, all the data is there.

Not sure what changed overnight.

Any suggestions?

Wes

Feb 28, 2017, 6:37:25 AM
to security-onion

Tom,

Please start a new thread instead of replying to an old one:

https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists#start-a-new-thread-instead-of-replying-to-an-old-one

In your thread, please include the output of sostat-redacted, attaching as a text file, or using a service like Pastebin.com.

Thanks,
Wes
