[prev in list] [next in list] [prev in thread] [next in thread]
List: security-onion
Subject: Re: [security-onion] Sensor issue
From: enderst <enderst () gmail ! com>
Date: 2019-11-27 22:39:21
Message-ID: c6519e41-8932-4d81-bcc8-331548253601 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
sudo salt "*" test.ping
fails on that node as well but normal ping is good.
On Wednesday, November 27, 2019 at 2:57:34 PM UTC-7, enderst wrote:
>
> Minion did not return. [Not connected]
>
> Simple fix or should I wipe it and start over?
>
> I knew there was a salt command I could run but couldn't find it, only
> seen so-nids-restart in the Suppressions section.
>
> On Wednesday, November 27, 2019 at 5:49:11 AM UTC-7, Wes wrote:
> >
> > Are there any errors in the salt output when performing a highstate?
> >
> > ex.
> >
> > sudo salt "*" state.highstate
> >
> > On Tue, Nov 26, 2019 at 2:40 PM enderst <end...@gmail.com> wrote:
> >
> > > I have a Master, Storage and two Sensors.
> > > When I add to /etc/nsm/rules/threshold.conf on Master the changes get
> > > pushed to one sensor but not the other.
> > > Is there logging somewhere that shows the push attempt and failure?
> > >
> > > Also, Kibana shows I have 5 sensors and 4 devices. I only have a Master,
> > > Storage and two Sensors.
> > > How can I fix that count?
> > >
> > > --
> > > Follow Security Onion on Twitter!
> > > https://twitter.com/securityonion
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "security-onion" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> > > an email to securit...@googlegroups.com.
> > > To view this discussion on the web visit
> > > https://groups.google.com/d/msgid/security-onion/a5aca713-7a51-40a3-83ec-cb625452aafd%40googlegroups.com \
> > > <https://groups.google.com/d/msgid/security-onion/a5aca713-7a51-40a3-83ec-cb625452aafd%40googlegroups.com?utm_medium=email&utm_source=footer>
> > >
> > > .
> > >
> >
> >
> > --
> > https://twitter.com/therealwlambert
> > https://securityonion.net/
> >
>
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/security-onion/c6519e41-8932-4d81-bcc8-331548253601%40googlegroups.com.
[Attachment #5 (text/html)]
<div dir="ltr">sudo salt "*" test.ping<div>fails on that node as well but \
normal ping is good.</div><div><br></div><div><br>On Wednesday, November 27, 2019 at \
2:57:34 PM UTC-7, enderst wrote:<blockquote class="gmail_quote" style="margin: \
0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><div \
dir="ltr">Minion did not return. [Not connected]<div><br></div><div>Simple fix or \
should I wipe it and start over?<br></div><div><br></div><div>I knew there was a salt \
command I could run but couldn't find it, only seen so-nids-restart in the \
Suppressions section.</div><div><br></div><div>On Wednesday, November 27, 2019 at \
5:49:11 AM UTC-7, Wes wrote:<blockquote class="gmail_quote" \
style="margin:0;margin-left:0.8ex;border-left:1px #ccc solid;padding-left:1ex"><div \
dir="ltr">Are there any errors in the salt output when performing a \
highstate?<div><br></div><div>ex.</div><div><br></div><div>sudo salt "*" \
state.highstate</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov \
26, 2019 at 2:40 PM enderst <<a rel="nofollow">end...@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I have \
a Master, Storage and two Sensors.<div>When I add to \
/etc/nsm/rules/threshold.<wbr>conf on Master the changes get pushed to one sensor but \
not the other.</div><div>Is there logging somewhere that shows the push attempt and \
failure?</div><div><br></div><div>Also, Kibana shows I have 5 sensors and 4 devices. \
I only have a Master, Storage and two Sensors.</div><div>How can I fix that \
count?</div></div>
<p></p>
-- <br>
Follow Security Onion on Twitter!<br>
<a href="https://twitter.com/securityonion" rel="nofollow" target="_blank" \
onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Ftwitter.com% \
2Fsecurityonion\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHNMnY1vK-8tlz3CaZH4C4o8Ee15A';return \
true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Ftwitter.c \
om%2Fsecurityonion\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHNMnY1vK-8tlz3CaZH4C4o8Ee15A';return \
true;">https://twitter.com/<wbr>securityonion</a><br>
--- <br>
You received this message because you are subscribed to the Google Groups \
"security-onion" group.<br> To unsubscribe from this group and stop \
receiving emails from it, send an email to <a \
rel="nofollow">securit...@googlegroups.com</a>.<br> To view this discussion on the \
web visit <a href="https://groups.google.com/d/msgid/security-onion/a5aca713-7a51-40a3-83ec-cb625452aafd%40googlegroups.com?utm_medium=email&utm_source=footer" \
rel="nofollow" target="_blank" \
onmousedown="this.href='https://groups.google.com/d/msgid/security-onion/a5aca713- \
7a51-40a3-83ec-cb625452aafd%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter';return \
true;" onclick="this.href='https://groups.google.com/d/msgid/security-onion/a5aca7 \
13-7a51-40a3-83ec-cb625452aafd%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter';return \
true;">https://groups.google.com/d/<wbr>msgid/security-onion/a5aca713-<wbr>7a51-40a3-83ec-cb625452aafd%<wbr>40googlegroups.com</a>.<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div \
dir="ltr"><span style="font-size:12.8px"><a \
href="https://twitter.com/therealwlambert" rel="nofollow" target="_blank" \
onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Ftwitter.com% \
2Ftherealwlambert\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG666idtkwCwosS-4tj5dxuJeM23w';return \
true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Ftwitter.c \
om%2Ftherealwlambert\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG666idtkwCwosS-4tj5dxuJeM23w';return \
true;">https://twitter.com/<wbr>therealwlambert</a></span><br><div><span \
style="font-size:12.8px"><a href="https://securityonion.net/" rel="nofollow" \
target="_blank" onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2 \
F%2Fsecurityonion.net%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE0UObFk4OS_ixLUv1QwQVilxwkHA';return \
true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fsecurityo \
nion.net%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE0UObFk4OS_ixLUv1QwQVilxwkHA';return \
true;">https://securityonion.net/</a></span><br></div></div></div> \
</blockquote></div></div></blockquote></div></div>
<p></p>
-- <br />
Follow Security Onion on Twitter!<br />
<a href="https://twitter.com/securityonion">https://twitter.com/securityonion</a><br \
/>
--- <br />
You received this message because you are subscribed to the Google Groups \
"security-onion" group.<br /> To unsubscribe from this group and stop \
receiving emails from it, send an email to <a \
href="mailto:security-onion+unsubscribe@googlegroups.com">security-onion+unsubscribe@googlegroups.com</a>.<br \
/> To view this discussion on the web visit <a \
href="https://groups.google.com/d/msgid/security-onion/c6519e41-8932-4d81-bcc8-3315482 \
53601%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com \
/d/msgid/security-onion/c6519e41-8932-4d81-bcc8-331548253601%40googlegroups.com</a>.<br \
/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic