Hello,
I recently installed the SELKS 7 Docker version, but somehow I cannot generate fast.log. I am new to the Docker architecture. On the UI, I try to update, build, push the ruleset, but it returns a server 500 error. I manually copied scirius.rules to /opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/ and restarted the containers with "docker-compose stop", "docker-compose down", "docker-compose up -d". Still the same :(. The output of the django-error logs:
2024-05-11 09:51:27,583 ERROR Internal Server Error: /rest/rules/es/health/
2024-05-11 09:51:33,574 ERROR Internal Server Error: /rest/rules/es/health/
2024-05-11 09:53:36,120 ERROR Internal Server Error: /suricata/update
Traceback (most recent call last):
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/root/.local/lib/python3.9/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/scirius/suricata/views.py", line 166, in update
suri.generate()
File "/opt/scirius/suricata/models.py", line 60, in generate
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/scirius.rules'
2024-05-11 10:03:25,058 ERROR Internal Server Error: /suricata/update
Traceback (most recent call last):
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/root/.local/lib/python3.9/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/scirius/suricata/views.py", line 166, in update
suri.generate()
File "/opt/scirius/suricata/models.py", line 60, in generate
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/scirius.rules'
I cannot find which suricata.yaml is the main config. I changed the YAML file in this folder "/opt/selksd/SELKS/docker/containers-data/suricata/etc" for the default rule path at the end of the .yaml, but it changes nothing. Output of the Suricata logs about the rules file:
Error: reputation: opening ip rep file /etc/suricata/rules/scirius-categories.txt: No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Error: reputation: failed to load reputation categories file /etc/suricata/rules/scirius-categories.txt
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: classification-config: could not open: "/etc/suricata/rules/classification.config": No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Error: classification-config: please check the "classification-file" option in your suricata.yaml file
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: detect: No rule files match the pattern /etc/suricata/rules/scirius.rules
[1 - Suricata-Main] 2024-05-11 10:13:59 Config: detect: No rules loaded from scirius.rules.
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: detect: 1 rule files specified, but no rules were loaded!
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: threshold-config: Error opening file: "/etc/suricata/rules/threshold.config": No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Info: detect: 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
I just want to try to operate Suricata and add rulesets, with the UI or not. Can you advise what I am missing?
Thanks for your help.
Fast.log is disabled by default as it is legacy.
All Suricata alerts, protocol, file transaction, flow and anomaly logs are enabled and available as JSON in eve.json by default.
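For readers who still want one-line alert output, the reply above means it has to be derived from eve.json. The following is an added example, not code from SELKS or from this thread: it reads EVE JSON lines and returns alert events in a layout that approximates fast.log. The sample events are constructed, and the function names are illustrative.

```python
import json
import sys
from datetime import datetime

# Constructed sample EVE lines (one JSON object per line); not taken from the issue.
# The last line is cut off on purpose, as happens while the file is being written.
SAMPLE_EVE = """\
{"timestamp":"2024-05-11T10:20:01.123456+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2024-05-11T10:20:02.654321+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":2,"signature":"EXAMPLE constructed test rule","category":"Misc activity","severity":3}}
{"timestamp":"2024-05-11T10:20:03.000001+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"192.0.2.20","proto":"ICMP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"EXAMPLE constructed ICMP rule","category":"","severity":2}}
{"timestamp":"2024-05-11T10:20:04
"""

def fast_line(event):
    # Format one EVE alert event in a fast.log-like layout (an approximation).
    alert = event["alert"]
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")

    def endpoint(ip_key, port_key):
        # Events without ports (e.g. ICMP) are printed as the bare address.
        port = event.get(port_key)
        return event[ip_key] if port is None else f"{event[ip_key]}:{port}"

    return (
        f"{ts.strftime('%m/%d/%Y-%H:%M:%S.%f')}  [**] "
        f"[{alert['gid']}:{alert['signature_id']}:{alert['rev']}] "
        f"{alert['signature']} [**] "
        f"[Classification: {alert.get('category') or '(null)'}] "
        f"[Priority: {alert['severity']}] {{{event['proto']}}} "
        f"{endpoint('src_ip', 'src_port')} -> {endpoint('dest_ip', 'dest_port')}"
    )

def eve_to_fast(lines):
    # Keep only alert events; skip blank, truncated or non-JSON lines.
    out = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and "alert" in event:
            out.append(fast_line(event))
    return out

if __name__ == "__main__":
    # With a path argument, read that eve.json; otherwise use the sample.
    src = open(sys.argv[1], encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_EVE.splitlines()
    print("\n".join(eve_to_fast(src)))
```

An empty result on a live eve.json while flow events are present is consistent with the "0 signatures processed" line in the Suricata log above: with no rules loaded, no alert events are written.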