Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: container status scripts should check system uptime before declaring fail #1686

Closed by dougburks 4 years ago

dougburks commented 4 years ago

If a user runs so-status right after the system boots, all Elastic containers are marked FAIL. This may be misleading and may cause the user to try to manually start the containers.

Update the status scripts so that if the container is not yet running, then check the system uptime. If it has recently booted, then show container status as WARN.
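
The logic described above, as an added example (not Security Onion's own so-status or container status scripts): a container that is not running is reported as FAIL only once the system has been up longer than a grace period; before that it is reported as WARN. The function names container_status, check_container and system_uptime_seconds, the GRACE_SECONDS value of 300, and the container names used in the usage loop are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not Security Onion's so-status: classify an Elastic container as
# OK / WARN / FAIL, treating "not running" as WARN while the system has just booted.
# GRACE_SECONDS (assumed value: 5 minutes) defines what "recently booted" means.
GRACE_SECONDS=${GRACE_SECONDS:-300}

# Seconds since boot: integer part of the first field of /proc/uptime.
system_uptime_seconds() {
    read -r up _ < /proc/uptime
    echo "${up%.*}"
}

# container_status RUNNING UPTIME [GRACE]
#   RUNNING: "true" if the container is running, anything else if it is not
#   UPTIME:  seconds since boot
#   GRACE:   grace period in seconds (defaults to GRACE_SECONDS)
# Prints OK, WARN or FAIL.
container_status() {
    running=$1
    uptime=$2
    grace=${3:-$GRACE_SECONDS}
    if [ "$running" = "true" ]; then
        echo OK
    elif [ "$uptime" -lt "$grace" ]; then
        # Not running yet, but the box just booted: the container may still be starting.
        echo WARN
    else
        echo FAIL
    fi
}

# check_container NAME: ask Docker whether NAME is running, then classify it.
# A missing container or a failed docker call counts as "not running".
check_container() {
    name=$1
    running=$(docker inspect -f '{{.State.Running}}' "$name" 2>/dev/null || echo false)
    printf '%-20s %s\n' "$name" "$(container_status "$running" "$(system_uptime_seconds)")"
}

# Usage: ./container-status.sh so-elasticsearch so-logstash so-kibana
# (container names assumed for illustration). With no arguments nothing is queried,
# so the functions can be sourced by another script.
for c in "$@"; do
    check_container "$c"
done
```

The grace period is a judgement call: on a host where Elasticsearch takes several minutes to come up, a value that is too short reproduces the misleading FAIL the issue describes, while a value that is too long hides a container that genuinely failed to start at boot.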

defensivedepth commented 4 years ago

Looks good!

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/02/zeek-301-elastic-686-and-cyberchef-9120.html