StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

Scirius install errors #186

Closed josass closed 5 years ago

josass commented 5 years ago

Have been attempting to install Scirius following this "https://scirius.readthedocs.io/en/latest/installation-ce.html" install guide. Installing this on an Ubuntu 18.04 LXD container running Suricata 4.1.4, ElasticSearch 6.8.2, Kibana 6.8.2 and Logstash 6.8.1. With the exception of Scirius, every other service works fine. I run into three main issues when installing Scirius:

First, after running "npm run build" in the hunt directory I receive a number of error messages, mainly that the App.css file cannot be found. If I create an empty file named App.css in the appropriate directory the npm command will run successfully. However, using hunt in the URL will not look right (looks like basic HTML since the CSS file is empty).

Second, when running "python manage.py migrate" in the scirius directory, I get an error message indicating that "/var/log/scirius/elasticsearch.log" is missing. By adding the file I can get the command to run successfully, but shouldn't this file be generated by default or something?

Third, once Scirius is running, it does not see any of the rule hits. Even though services like kibana and evebox can display the hits.

How would I go about troubleshooting and resolving these problems?

[screenshot: npm-run-build-error]

Potrik98 commented 5 years ago

I had the same problem with Scirius showing no data, but I fixed it by editing the settings, adding these lines to a local_settings.py file in the project root. Hopefully it will work for you:

ELASTICSEARCH_LOGSTASH_INDEX = "logstash-*"
ELASTICSEARCH_KEYWORD = "keyword"
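As an added troubleshooting example (not code from the Scirius project or from anyone in this thread): a stdlib-only script that checks whether the two settings above line up with what the cluster actually holds, i.e. that the index glob selects real indices and that the configured keyword sub-field exists on the fields Scirius aggregates on. The index list and mapping are constructed stand-ins for what GET /_cat/indices and GET /_mapping would return on an ES 6.8 node fed by Logstash 6.8.

```python
import fnmatch

# Constructed sample data standing in for GET /_cat/indices?h=index and
# GET /logstash-*/_mapping on an ES 6.8 + Logstash 6.8 stack like the one
# in this thread. Swap in real responses to check a live cluster.
SAMPLE_INDICES = ["logstash-2019.09.10", "logstash-2019.09.11", ".kibana_1"]
SAMPLE_MAPPING = {
    "logstash-2019.09.11": {"mappings": {"doc": {"properties": {
        "event_type": {"type": "text",
                       "fields": {"keyword": {"type": "keyword"}}},
        "alert": {"properties": {"signature": {
            "type": "text",
            "fields": {"keyword": {"type": "keyword", "ignore_above": 256}},
        }}},
    }}}},
}


def matching_indices(pattern, indices):
    """Indices selected by the ELASTICSEARCH_LOGSTASH_INDEX glob."""
    return sorted(i for i in indices if fnmatch.fnmatchcase(i, pattern))


def keyword_subfield_present(mapping, index, field_path, keyword):
    """True if <field_path>.<keyword> is a keyword sub-field in an ES 6.x
    mapping; dotted paths are walked through nested 'properties'."""
    props = mapping[index]["mappings"]["doc"]["properties"]
    node = None
    for part in field_path.split("."):
        node = props.get(part)
        if node is None:
            return False
        props = node.get("properties", {})
    sub = node.get("fields", {}).get(keyword)
    return bool(sub) and sub.get("type") == "keyword"


def check_settings(index_pattern, keyword, indices, mapping, fields):
    """Report which parts of the Scirius ES settings match the cluster.
    Returns a dict of findings so it can be asserted on or printed."""
    hits = matching_indices(index_pattern, indices)
    findings = {"indices": hits}
    for f in fields:
        findings[f] = any(
            keyword_subfield_present(mapping, i, f, keyword)
            for i in hits if i in mapping)
    return findings
```

An empty "indices" list or a False entry for a field points at the setting to change: the glob does not match your index names, or the sub-field is named differently (older Logstash templates used ".raw").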

josass commented 5 years ago

I seem to have been able to resolve most of my previous issues. Hunt now loads as intended; even though I was running as root, it seems I still needed to run sudo in front of "npm install" and "npm run build". In addition to this, as Potrik98 mentioned, changing those two values in the settings.py makes it so that hunt can now see rule hits. Unfortunately, scirius still displays "No data available" even though services like evebox and kibana can see the traffic and alerts. With that said, I will be closing this ticket because I was able to resolve my main issues. But I will also open a new ticket to attempt to resolve my new issues.