cannot login into ELSA


Jane

Feb 18, 2014, 10:55:18 AM
to securit...@googlegroups.com
Hi All,
Thanks in advance for help.
I installed Security Onion on Ubuntu 12.04 LTS (so far Server option).
I can log into Snorby, but not into ELSA or Squert.
When logging into ELSA (via Chrome browser) the following message appears: "The server https://localhost:3154 requires a username and password. The server says: restricted area."
Ran sudo sostat-redacted. It shows ELSA Buffers in Queue : -rw-r--r-- 1 root root
Currently logged in as user with admin privileges.
Thanks,
Jane :)

Scott Runnels

Feb 18, 2014, 10:58:16 AM
to securit...@googlegroups.com
Are you using the username you set up for sguil (not the email address you set up that you use in Snorby)?

Scott Runnels




--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/groups/opt_out.

Jane

Feb 18, 2014, 11:06:26 AM
to securit...@googlegroups.com
Hi Scott,
Yes, I use username and password (it is the same for Sguil, Squert and Elsa). It is correct since the error is ".... restricted area".
Thanks,
Jane

Scott Runnels

Feb 18, 2014, 11:19:52 AM
to securit...@googlegroups.com
The first step is going to be to ensure that your account details are in the securityonion_db user_info table.

Run the following command:
 mysql -uroot -Dsecurityonion_db -e 'select * FROM user_info'

And check that the username you set during install is there. 

Scott Runnels



Jane

Feb 18, 2014, 11:28:19 AM
to securit...@googlegroups.com
No, I am not there, have only defaults:
username - auto, last_login - yesterday, password - NULL, email - none, type - user, timeout- 5000 tzo - +00
Jane

Scott Runnels

Feb 18, 2014, 11:30:08 AM
to securit...@googlegroups.com
Try adding a user with:

sudo nsm_server_user-add



Scott Runnels



Jane

Feb 18, 2014, 12:24:58 PM
to securit...@googlegroups.com
Works on ELSA and Squert, thanks Scott.
How to start Squil from command line?
Thanks,
Jane

Scott Runnels

Feb 18, 2014, 12:27:07 PM
to securit...@googlegroups.com
/usr/bin/sguil.tk


Scott Runnels



Doug Burks

Feb 18, 2014, 4:26:51 PM
to securit...@googlegroups.com
On Tue, Feb 18, 2014 at 12:24 PM, Jane <cheerf...@gmail.com> wrote:
> Works on ELSA and Squert, thanks Scott.

I'm not sure I understand how you had an empty user_info table. Setup
should have created the username/password that you specified.

After completing Setup, did you manually make any changes?

Can you send your /var/log/nsm/sosetup.log?

Jane

Feb 19, 2014, 3:34:19 PM
to securit...@googlegroups.com
Hi Doug,
I built the server, loaded SecurityOnion, cloned the hard drive, and set up Onion on the new hard drive (it shouldn't matter anyway since it is Linux).
I didn't have any links on my desktop so I had to manually re-create those looking at your YouTube tutorials.
Where should I send sosetup?
Thanks,
Jane

Doug Burks

Feb 19, 2014, 3:38:25 PM
to securit...@googlegroups.com
On Wed, Feb 19, 2014 at 3:34 PM, Jane <cheerf...@gmail.com> wrote:
> Where should I send sosetup?

Please attach /var/log/nsm/sosetup.log to your email.


--
Doug Burks

Doug Burks

Feb 19, 2014, 4:37:06 PM
to securit...@googlegroups.com
Delete Server
All configurations and collected data for server "securityonion" will
be deleted.

Do you want to continue? (Y/N) [N]:
Deleting server:

* removing configuration files [ OK ]

* removing collected data files [ OK ]

* removing database [ OK ]

* updating the server table [ OK ]
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Firewall is active and enabled on system startup
# Please wait while creating the Sguil server...

Creating new server: securityonion

================================================

I don't see any errors here, but I notice that it had to delete the
existing server. Had you previously run Setup and this is from
re-running Setup? Generally this should work fine, but perhaps there
was something it was unable to delete or rewrite correctly, which
resulted in the user_info table being empty.
--
Doug Burks

Jane

Feb 19, 2014, 4:49:22 PM
to securit...@googlegroups.com
Yes,
You are correct, I re-ran Setup a second time.
I still cannot log into Squil. It is not in /usr/local/bin/squil.tk or in /usr/bin/squil.tk.
Thanks,
Jane :)

Doug Burks

Feb 19, 2014, 4:50:23 PM
to securit...@googlegroups.com
Please note that it's sguil with a "g" not a "q".

--
Doug Burks

Jane

Feb 19, 2014, 4:51:41 PM
to securit...@googlegroups.com
Sorry, just logged in.
Thanks a lot for your fast replies!
Jane :)