StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

SELKS-5.0RC1 Moloch doesn't work because the GeoIP database download fails #166

Open cyberdocfr opened 5 years ago

cyberdocfr commented 5 years ago

Hello, I have known SELKS for a short time; I love this tool because it is particularly efficient and fast to deploy for incident response.

I have identified a problem: when I install SELKS, I configure one network interface for monitoring and another for remote administration. This second network card has an Internet connection. Suricata works perfectly, but Moloch doesn't contain any pcap files. After a quick analysis, I identified that when I execute the init script, the GeoIP database download fails because the HTTPS connection has a problem, but the init script continues the initialization. Sadly, the Moloch services can't start correctly when the GeoIP databases are missing.

Do you know about this problem? What solution can you propose?

What do you think about including these files before the SELKS.ISO is generated? That would allow SELKS to be installed without an Internet connection.

Thank you for your time, and congratulations on this product.
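The failure mode described in this report (the download fails, the setup script carries on anyway, and Moloch later cannot start because the database is missing) is the usual unchecked-exit-status problem in shell setup scripts. The following is an added example and not SELKS's own code or its setup script: a fetch step that refuses to continue when the download fails or leaves a corrupt file behind. The URL is the one from this thread; `GEOIP_DIR`, `GEOIP_NAME`, the `FETCH_CMD` parameter and the `RUN_GEOIP_FETCH` switch are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not SELKS code): make the GeoIP download step of a first-time
# setup script fail loudly instead of letting the script continue with a
# missing or truncated database. The URL is the one from the issue's wget
# output; GEOIP_DIR, GEOIP_NAME and RUN_GEOIP_FETCH are assumptions.

GEOIP_URL="${GEOIP_URL:-https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz}"
GEOIP_DIR="${GEOIP_DIR:-/data/moloch/etc}"   # assumed destination directory
GEOIP_NAME="GeoLite2-Country.tar.gz"

# fetch_geoip DEST_DIR [FETCH_CMD]
# FETCH_CMD is invoked as: FETCH_CMD <output-file> <url>. It defaults to wget
# but can be replaced by a stub so the checks can be exercised offline.
# Returns 0 only if a well-formed gzip archive ended up in DEST_DIR; on any
# failure the partial file is removed and 1 is returned.
fetch_geoip() {
  local dest="$1"
  local fetch="${2:-wget -q -O}"
  local out="$dest/$GEOIP_NAME"

  mkdir -p "$dest" || return 1

  # wget exits non-zero on "Unable to establish SSL connection"; do not ignore it.
  if ! $fetch "$out" "$GEOIP_URL"; then
    echo "ERROR: GeoIP download from $GEOIP_URL failed (network/TLS error)" >&2
    rm -f "$out"
    return 1
  fi

  # A captive portal or proxy error page still leaves a file behind; reject
  # anything that is not a valid gzip stream before Moloch ever sees it.
  if ! gzip -t "$out" 2>/dev/null; then
    echo "ERROR: $out is not a valid gzip archive; removing it" >&2
    rm -f "$out"
    return 1
  fi
  return 0
}

# Set RUN_GEOIP_FETCH=1 to perform the real download when this file is
# sourced from a setup script; the script then aborts instead of continuing
# without GeoIP data.
if [ "${RUN_GEOIP_FETCH:-0}" = "1" ]; then
  fetch_geoip "$GEOIP_DIR" || exit 1
fi
```

The second parameter exists only so the error paths can be driven with stubs; in a real setup script, `fetch_geoip /data/moloch/etc || exit 1` (or sourcing the file with `RUN_GEOIP_FETCH=1`) is enough. Note that `set -e` alone would not catch the second failure mode, where the HTTPS fetch "succeeds" but returns an error page instead of the archive, which is why the integrity check with `gzip -t` is there.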

pevma commented 5 years ago

If I understand correctly, you are trying to do an offline install, right? (no Internet connection)

pevma commented 5 years ago

(sorry, closed by mistake :) )

cyberdocfr commented 5 years ago

No, SELKS has an Internet connection when I execute the init configuration script.

Below, you can see the error message when I manually execute the command that causes the problem:

```
root@SELKS:/data/moloch/raw# wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
--2019-03-19 16:58:48--  https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
Resolving geolite.maxmind.com (geolite.maxmind.com)... 104.17.201.89, 104.17.200.89, 2606:4700::6811:c959, ...
Connecting to geolite.maxmind.com (geolite.maxmind.com)|104.17.201.89|:443... connected.
GnuTLS: Error in the pull function.
Unable to establish SSL connection.
```

pevma commented 5 years ago

Ok, which script exactly is that?

-- Regards, Peter Manev


cyberdocfr commented 5 years ago

selks-first-time-setup_stamus.sh

pevma commented 5 years ago

I have not seen/stumbled upon that, to be honest. Does this happen every time you run the script?

cyberdocfr commented 5 years ago

Yes, and I have the same situation in two locations with different Internet access. I will check whether it is a time synchronization problem that makes the HTTPS cipher exchange fail.

pevma commented 5 years ago

Ok, please let us know how it goes!