Hello,
I recently installed the SELKS 7 Docker version, but somehow I cannot generate fast.log. I am new to the Docker architecture. On the UI, I try to update, build and push the ruleset, but it returns a server 500 error. I manually copied scirius.rules to /opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/ and restarted the containers with "docker-compose stop", "docker-compose down", "docker-compose up -d". Still the same :( . The output of the django-error logs:
2024-05-11 09:51:27,583 ERROR Internal Server Error: /rest/rules/es/health/
2024-05-11 09:51:33,574 ERROR Internal Server Error: /rest/rules/es/health/
2024-05-11 09:53:36,120 ERROR Internal Server Error: /suricata/update
Traceback (most recent call last):
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/root/.local/lib/python3.9/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/scirius/suricata/views.py", line 166, in update
suri.generate()
File "/opt/scirius/suricata/models.py", line 60, in generate
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/scirius.rules'
2024-05-11 10:03:25,058 ERROR Internal Server Error: /suricata/update
Traceback (most recent call last):
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/root/.local/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/root/.local/lib/python3.9/site-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/scirius/suricata/views.py", line 166, in update
suri.generate()
File "/opt/scirius/suricata/models.py", line 60, in generate
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/selksd/SELKS/docker/containers-data/suricata/etc/rules/scirius.rules'
I cannot find which suricata.yaml is the main config. I changed the yaml file in the folder "/opt/selksd/SELKS/docker/containers-data/suricata/etc" for the default rule path at the end of the .yaml, but it changes nothing. Output of the Suricata logs about the rules file:
Error: reputation: opening ip rep file /etc/suricata/rules/scirius-categories.txt: No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Error: reputation: failed to load reputation categories file /etc/suricata/rules/scirius-categories.txt
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: classification-config: could not open: "/etc/suricata/rules/classification.config": No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Error: classification-config: please check the "classification-file" option in your suricata.yaml file
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: detect: No rule files match the pattern /etc/suricata/rules/scirius.rules
[1 - Suricata-Main] 2024-05-11 10:13:59 Config: detect: No rules loaded from scirius.rules.
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: detect: 1 rule files specified, but no rules were loaded!
[1 - Suricata-Main] 2024-05-11 10:13:59 Warning: threshold-config: Error opening file: "/etc/suricata/rules/threshold.config": No such file or directory
[1 - Suricata-Main] 2024-05-11 10:13:59 Info: detect: 0 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
I just want to try to operate Suricata and add rulesets, with the UI or not. Can you advise what I am missing?
Thanks for your help.
Fast.log is disabled by default as it is legacy.
All Suricata alerts, protocol, file transaction, flow and anomaly logs are enabled and available as JSON in eve.json by default.
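Since the reply above points at eve.json instead of fast.log, the following added example (not part of the thread, and not SELKS, Scirius or Suricata code) reads EVE JSON records and renders the alert events in the familiar fast.log layout, so the JSON output can be eyeballed the way fast.log used to be. It assumes the standard Suricata EVE field names (event_type, timestamp, alert.signature_id, alert.signature, alert.category, alert.severity, proto, src_ip, src_port, dest_ip, dest_port); the sample records embedded in SAMPLE_EVE are constructed for the demonstration, as is the file path in the usage line, and the rendered layout approximates fast.log rather than reproducing Suricata's own formatter byte for byte.

```python
"""Render Suricata EVE JSON alert records as fast.log-style lines.

Added example, not SELKS/Scirius/Suricata code. Assumes standard EVE field
names; sample records below are constructed, not captured from a sensor.
"""
import json
import sys
from datetime import datetime
from typing import Iterable, Iterator, List, Optional

# Constructed sample: two alerts, one flow record, and one corrupt line
# (eve.json is appended to continuously, so a half-written last line is normal).
SAMPLE_EVE = """\
{"timestamp":"2024-05-11T10:13:59.123456+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"CONSTRUCTED TEST http alert","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-11T10:14:00.000001+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP"}
{"timestamp":"2024-05-11T10:14:01.500000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","proto":"ICMP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"CONSTRUCTED TEST icmp alert","category":"Misc activity","severity":3}}
{"timestamp":"2024-05-11T10:14:02.000000+0000","event_type":"ale
"""


def parse_eve_lines(lines: Iterable[str]) -> Iterator[dict]:
    """Yield decoded EVE records, silently skipping blank or truncated lines."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # torn write or garbage; do not abort the whole file
        if isinstance(rec, dict):
            yield rec


def alert_to_fast(rec: dict) -> Optional[str]:
    """Return a fast.log-style line for an alert record, or None for other event types."""
    if rec.get("event_type") != "alert":
        return None
    alert = rec.get("alert", {})
    # EVE timestamps look like 2024-05-11T10:13:59.123456+0000; fast.log uses
    # MM/DD/YYYY-HH:MM:SS.micro with no zone, so the zone is parsed then dropped.
    stamp = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    stamp_txt = stamp.strftime("%m/%d/%Y-%H:%M:%S.%f")
    src = str(rec.get("src_ip", "?"))
    dst = str(rec.get("dest_ip", "?"))
    # ICMP records carry no ports; only append them when both are present.
    if "src_port" in rec and "dest_port" in rec:
        src = f"{src}:{rec['src_port']}"
        dst = f"{dst}:{rec['dest_port']}"
    return (
        f"{stamp_txt}  [**] "
        f"[{alert.get('gid', 1)}:{alert.get('signature_id', 0)}:{alert.get('rev', 0)}] "
        f"{alert.get('signature', '')} [**] "
        f"[Classification: {alert.get('category', '')}] "
        f"[Priority: {alert.get('severity', 3)}] "
        f"{{{rec.get('proto', '')}}} {src} -> {dst}"
    )


def eve_to_fast(lines: Iterable[str]) -> List[str]:
    """Convert a stream of EVE JSON lines into fast.log-style lines (alerts only)."""
    out = []
    for rec in parse_eve_lines(lines):
        line = alert_to_fast(rec)
        if line is not None:
            out.append(line)
    return out


if __name__ == "__main__":
    # Usage: python eve_to_fast.py /path/to/eve.json   (path is an assumption;
    # with no argument the constructed sample is used instead).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE_EVE.splitlines()
    for text in eve_to_fast(source):
        print(text)
```

The converter tolerates the torn trailing line that a live eve.json usually has, and it leaves flow, http and other non-alert records out, which is the filtering fast.log did implicitly. If you would rather have Suricata write the legacy file itself, the `fast` entry under `outputs:` in suricata.yaml is where that output is switched on; the reply above is correct that it is off by default in SELKS.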