SELKS-5.0RC1 selks-first-time-setup_stamus kibana6 problem

[xxaxxelxx]

selks-first-time-setup_stamus refers to not existing /opt/kibana6-dashboards and fails. Same for kibana dashboard.

[pevma]

Can you have a look at the dashboard path in /etc/scirius/local_settings.py and adjust the path to the dashboards ? I think they are located in /opt/selks/kibana...

-- Regards, Peter Manev

On 21 Mar 2019, at 10:03, xxaxxelxx notifications@github.com wrote:

selks-first-time-setup_stamus refers to /opt/kibana6-dashboards and fails. Same for kibana dashboard.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

Inside this file i surprisingly found the correct path: KIBANA_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards" I am confused. :)

I've had fixed the install script problem creating a symlink. Install works afterwards but kibana dashboard fails wit a really huge red banner.

[pevma]

actually you need to specify it like do - KIBANA6_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/" (notice 6)

[pevma]

Then rerun just the dashboard reload/reset and you should be good

[pevma]

that reload I meant (as described here) - https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1/_edit#kibana-dashboards

[xxaxxelxx]

Done. Install test runs fine. Reload done. Reboooted. Kibana Dashboard still returns a simple big red 'Kibana did not load properly. Check the server output for more information.' service kibana start/stop didn't drop any information. Grep'ed some logs but still found no info. Maybe i have to rename all KIBANA Variables in local_settings.py to KIBANA6 ?

Huge thanx you for your help btw... :)

[pevma]

Yes - you need to do as i mentioned here - https://github.com/StamusNetworks/SELKS/issues/167#issuecomment-475160133 :: KIBANA6_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/" Just this one not all.

[xxaxxelxx]

Did. No success.

Think i will try it tomorrow again. ;)

Huge thanx again for your really fast help.

Greetings from potsdam/germany, have a nice day!

[pevma]

Can you paste the content of your local_settings.py ?

-- Regards, Peter Manev

On 21 Mar 2019, at 12:50, xxaxxelxx notifications@github.com wrote:

Did. No success. Found '/opt/kibana6-dashboards' in

/usr/share/python/scirius/lib/python2.7/site-packages/scirius/settings.pyc

Changed it. Reload + service kibana restart.

Got this:

Environment:

Request Method: GET Request URL: https://nids.inbbradio.de/app/kibana

Django Version: 1.11.20 Python Version: 2.7.13 Installed Applications: (u'django.contrib.admin', u'django.contrib.auth', u'django.contrib.contenttypes', u'django.contrib.sessions', u'django.contrib.messages', u'django.contrib.staticfiles', u'django_tables2', u'bootstrap3', u'dbbackup', u'viz', u'rules', u'suricata', u'accounts', u'rest_framework', u'rest_framework.authtoken', u'django_filters', u'webpack_loader', u'revproxy') Installed Middleware: [u'django.middleware.security.SecurityMiddleware', u'django.contrib.sessions.middleware.SessionMiddleware', u'django.middleware.common.CommonMiddleware', u'django.middleware.csrf.CsrfViewMiddleware', u'django.contrib.auth.middleware.AuthenticationMiddleware', u'django.contrib.messages.middleware.MessageMiddleware', u'django.middleware.clickjacking.XFrameOptionsMiddleware', u'scirius.loginrequired.LoginRequiredMiddleware', u'scirius.utils.TimezoneMiddleware']

Traceback:

File "/usr/share/python/scirius/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner

41. response = get_response(request)

File "/usr/share/python/scirius/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response

187. response = self.process_exception_by_middleware(e, request)

File "/usr/share/python/scirius/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response

185. response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/usr/share/python/scirius/lib/python2.7/site-packages/django/views/generic/base.py" in view

68. return self.dispatch(request, *args, **kwargs)

File "/usr/share/python/scirius/lib/python2.7/site-packages/revproxy/views.py" in dispatch

204. proxy_response = self._created_proxy_response(request, path)

File "/usr/share/python/scirius/lib/python2.7/site-packages/revproxy/views.py" in _created_proxy_response

161. preload_content=False)

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/poolmanager.py" in urlopen

323. response = conn.urlopen(method, u.request_uri, **kw)

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/connectionpool.py" in urlopen

667. **response_kw)

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/connectionpool.py" in urlopen

667. **response_kw)

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/connectionpool.py" in urlopen

667. **response_kw)

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/connectionpool.py" in urlopen

638. _stacktrace=sys.exc_info()[2])

File "/usr/share/python/scirius/lib/python2.7/site-packages/urllib3/util/retry.py" in increment

398. raise MaxRetryError(_pool, url, error or ResponseError(cause))

Exception Type: MaxRetryError at /app/kibana Exception Value: HTTPConnectionPool(host='localhost', port=5601): Max retries exceeded with url: /app/kibana (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f72e51c7950>: Failed to establish a new connection: [Errno 111] Connection refused',))

Think i will try it tomorrow again. ;)

Huge thanx again for your really fast help.

Greetings from potsdam/germany, have a nice day!

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

sure:

---

local_settings.py.txt

[pevma]

Which Scirius package version do you have ?

-- Regards, Peter Manev

On 21 Mar 2019, at 13:19, xxaxxelxx notifications@github.com wrote:

sure:

""" Django settings for scirius project.

For more information on this file, see https://docs.djangoproject.com/en/1.6/topics/settings/

For the full list of settings and their values, see https://docs.djangoproject.com/en/1.6/ref/settings/ """

Build paths inside the project like this: os.path.join(BASE_DIR, ...)

import os BASE_DIR = "/var/lib/scirius/" GIT_SOURCES_BASE_DIRECTORY = os.path.join(BASE_DIR, 'git-sources/')

Quick-start development settings - unsuitable for production

See https://docs.djangoproject.com/en/1.6/howto/deployment/checklist/

SECURITY WARNING: keep the secret key used in production secret!

FIXME: generate this

SECRET_KEY = 'p7o6%vq))7h3li08c%k3id(wwo*u(^dbdmx2tv#t(tb2pr9@n-' USE_ELASTICSEARCH = True ELASTICSEARCH_ADDRESS = "localhost:9200" ELASTICSEARCH_VERSION = 6 KIBANA_VERSION = 6 KIBANA_INDEX = ".kibana" KIBANA_URL = "http://localhost:5601" KIBANA_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/" KIBANA6_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/" USE_KIBANA = True KIBANA_PROXY = True

SURICATA_UNIX_SOCKET = "/var/run/suricata/suricata-command.socket"

USE_EVEBOX = True EVEBOX_ADDRESS = "localhost:5636"

USE_SURICATA_STATS = True USE_LOGSTASH_STATS = True STATIC_ROOT="/var/lib/scirius/static/"

DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': os.path.join(BASE_DIR, 'db', 'db.sqlite3'), } } DBBACKUP_STORAGE_OPTIONS = {'location': '/var/backups/'}

ELASTICSEARCH_LOGSTASH_ALERT_INDEX="logstash-alert-"

SURICATA_NAME_IS_HOSTNAME = True

ALLOWED_HOSTS=["*"] ELASTICSEARCH_KEYWORD = "keyword"

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

scirius is 3.2.0-1

[pevma]

It worked on my testing. Did you try restarting it ?

-- Regards, Peter Manev

On 21 Mar 2019, at 13:37, xxaxxelxx notifications@github.com wrote:

scirius is 3.2.0-1

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

yeah. even rebooted. same result. when i have had run into the kibana path problem ive had done selks-upgrade_stamus first and after no succes i did selks-secondstage-upgrade_stamus. Maybe someting went wrong... I think it's the best to have a coffee and to re-install the machine from the scratch now. I will report you in abt one hour. :)

[pevma]

Ok. If you reinstall - just do the first time set up , after that run the upgrade (second stage is automatically triggered ), make the change in the Scirius local settings config and then try the reset (both GUI and cmd maybe).

-- Regards, Peter Manev

On 21 Mar 2019, at 13:48, xxaxxelxx notifications@github.com wrote:

yeah. even rebooted. same result. when i have had run into the kibana path problem ive had done selks-upgrade_stamus first and after no succes i did selks-secondstage-upgrade_stamus. Maybe someting went wrong... I think it's the best to have a coffee and to re-install the machine from the scratch now. I will report you in abt one hour. :)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

reinstalled. first changed the path - then had run the first-setup-script. It works. Is the reset triggered at reboot?

Next i will try the upgrade.

[xxaxxelxx]

upgrade killed kibana.... :|

did reset after upgrade and got this: (see attached file. selks.txt )

[xxaxxelxx]

Will have another coffee, reinstall it again and wait for RC2. :) Thanx a lot for your help and time.

[pevma]

There is a Kibana/nginx bug that has a fix here - https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1#elk-stack-6-6-0-nginx-config-change-needed (Hope that will solve the Kibana issue if it is the same)

The second error - how do you get that ? Did you try the cmd command ( https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1#kibana-dashboards ) as root ?

-- Regards, Peter Manev

On 21 Mar 2019, at 15:21, xxaxxelxx notifications@github.com wrote:

Will have another coffee, reinstall it again and wait for RC2. :) Thanx a lot for your help and time.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[xxaxxelxx]

Good morning! My fault - checked my history: damn, forgot to switch to root. Reset works fine - and HOLY S:::T! : Kibana works too. Thank you very much (!) for helping a rookie! Wish you a happy weekend!