Snorby 2.6.2 - Dashboard is not updating since 05-04-2014. Events are updating

[jeewanthasas]

* Using Snorby 2.6.2 on Security Onion * Worker Jobs are working fine \ Once I select the "force cache update" option date remains on the dashboard as Updated: 04/05/14 12:40 PM IS.

[jeewanthasas]

Hi all,

The issue has been solved.

mysql -u root -p

use snorby; truncate table caches; exit

Now remove the 2 worker jobs (use the little trash can icon next to each worker job to remove the job)

However require a solid solution to prevent this recurring...!!!

[DkYSwe]

I have the same issue in Snorby. The fix above fixes the problem for appr. a day, then the zeroes are back.

I get the feeling that this project is in a coma, can anyone confirm? (No recent updates, no replies to forum threads, no answer on emails....)

[mnixxon]

I have the same issue except the above fix does not, even temporarily, resolve the problem. I'm running Snorby 2.6.2 on Security Onion.

[slifmatso]

Same here. Dashboard crashes all the time, even fresh after install ( of SO) . I keep getting events but dashboard is empty. Using remedy from above helps, but not for long.

[eriorr]

Same issue here, tried above solution, but it did not help at all :-/

[mnixxon]

I did a fresh install of SO and it fixed the problem for a while. However, the Dashboard now only stays updated on the 'this week', 'this month', 'this quarter', and 'this year' metrics but not 'last 24', today', or 'yesterday'.

[saullocarvalho]

Same issue here.

[miketanderson]

Has anyone experienced this when they are running a standalone version of Snorby? Or is it just when running on SO?

[saullocarvalho]

I am running Snorby on Security Onion.

[XoXowinnieXoXo]

hey miketanderson I am running Snorby 2.6.3 on a fresh debian install and i have the same problem.

I need to truncate table every time there is a new event.

[danbudris]

The timezone on the server MUST be UTC; if you've changed it, you'll likely experience issues with the Snorby dashboard not syncing right. Check out: https://github.com/Security-Onion-Solutions/security-onion/wiki/TimeZones

[modsbyus]

I have just started having this issue. My timezone is UTC-0, I have forced a cache update through the web GUI, and I have run the commands above as well as rebooted a few times. I am still getting all zeros on the Snorby interface. I can see the sensor increasing as I would expect. Should I post the output from sudo sostat here?

[TonyHoyle]

Same here. Snorby stopped monitoring at 7am this morning, for some reason. The fix made things worse, causing the status to say 'Fail' and stay there.

Next step is to reinstall SO, but it sounds like it'll just go again.

[modsbyus]

Snorby is dead. It will be removed in the next release. It's time to move to sguill and elsa.

On December 11, 2015 10:20:36 AM EST, TonyHoyle notifications@github.com wrote:

Same here. Snorby stopped monitoring at 7am this morning, for some reason. The fix made things worse, causing the status to say 'Fail' and stay there.

Next step is to reinstall SO, but it sounds like it'll just go again.

---

Reply to this email directly or view it on GitHub: https://github.com/Snorby/snorby/issues/340#issuecomment-163961831

Sent from my Android device with K-9 Mail. Please excuse my brevity.

[TonyHoyle]

Oh.. SO was the wrong choice for us then (web based monitoring is a requirement). I'll look elsewhere.

[modsbyus]

You can use squert for Web based monitoring

On December 11, 2015 10:43:58 AM EST, TonyHoyle notifications@github.com wrote:

Oh.. was the wrong choice for us then (web based monitoring is a requirement). I'll look elsewhere.

---

Reply to this email directly or view it on GitHub: https://github.com/Snorby/snorby/issues/340#issuecomment-163967954

Sent from my Android device with K-9 Mail. Please excuse my brevity.

[Rossmairm]

Have same issue running Snorby 2.6.2 on Ubuntu (16.04). However running 'truncate table caches', did not update the graphs.

[SparkyNZL]

I think its a shame this product isnt being updated any longer