List: security-onion
Subject: Re: [security-onion] ELSA has no new data since December 12th
From: S Marouchoc <snm.grr () gmail ! com>
Date: 2014-02-28 15:00:56
Message-ID: CALx=DgcS9-psvqFLjyB81VqUgjwyN-Bk5u=o6gU7A=9qw4JNbg () mail ! gmail ! com
I take that back, I clicked the OSSEC alerts filter and I see them. Looking
at Syslog NG, there is data now at the first report, but when I attempt to
drill down, it fails. Maybe it's still building?

On Fri, Feb 28, 2014 at 9:55 AM, S Marouchoc <snm.grr@gmail.com> wrote:
> Gotcha. Still no results, even from the older dates. That said, it
> looks like the buffers cleared...
> ~$ ls -alh /nsm/elsa/data/elsa/tmp/buffers
> total 1.4M
> drwxr-xr-x 2 root root 1.4M Feb 28 14:54 .
> drwxr-xr-x 3 root root 4.0K Jun 10 2013 ..
> -rw-r--r-- 1 root root 21K Feb 28 14:54 1393599210.29524
> -rw-r--r-- 1 root root 49 Feb 28 14:54 host_stats.tsv
> $
>
> On Fri, Feb 28, 2014 at 9:42 AM, Doug Burks <doug.burks@gmail.com> wrote:
>
> > On Fri, Feb 28, 2014 at 9:36 AM, S Marouchoc <snm.grr@gmail.com> wrote:
> > > Those ARE gone - and now, when I log into ELSA, I no longer have the menu of
> > > canned searches down the left side,
> >
> > Sounds like you went to https://onion:3154 instead of
> > https://onion/elsa. The second URL should give you the menu of canned
> > searches.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "security-onion" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to security-onion+unsubscribe@googlegroups.com.
> > To post to this group, send email to security-onion@googlegroups.com.
> > Visit this group at http://groups.google.com/group/security-onion.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >
>
>