StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

Scirius "No Data Available" #188

Closed josass closed 5 years ago

josass commented 5 years ago

Have been attempting to install Scirius following this "https://scirius.readthedocs.io/en/latest/installation-ce.html" install guide. I am installing this on an Ubuntu 18.04 LXD container running Suricata 4.1.4, ElasticSearch 6.8.2, Kibana 6.8.2 and Logstash 6.8.1. With the exception of Scirius, every other service works fine. Unfortunately, it seems that Scirius is displaying the message "No Data Available" even though both my other services are working and receiving data. Likely related to this issue is that in the terminal there are errors indicating that Scirius cannot find rules with certain sids (this happens every time the administration page is accessed via URL). I have posted some screenshots of what I am seeing along with some options from my settings.py file.

pevma commented 5 years ago

Do the "host" and "localhost" resolve properly?

Are there any errors in the scirius logs?

-- Regards, Peter Manev

On 19 Aug 2019, at 14:35, josass notifications@github.com wrote:


josass commented 5 years ago

@pevma, "host" and "localhost" seem to be resolving correctly. After some testing, I found that if they weren't resolving then hunt would show 0 alerts and the Scirius Administration page would display Elasticsearch as grey and indicate "no data for period".

As for the scirius logs, I have checked /var/log/scirius/elasticsearch.log and see a few instances that display "No data". As for any other logs, I am not sure where the rest of the Scirius log files are held.

josass commented 5 years ago

After consulting issue #89, I found that my error was caused by not using the hostname of my device in scirius > suricata > edit. With that done, everything now seems to show up properly.
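The resolution above comes down to one thing: the name given to the Suricata probe in Scirius has to match the value that Suricata and Logstash put into the events indexed in Elasticsearch, otherwise every query returns nothing and the UI reports "No Data Available". The following is an added diagnostic, not code from the issue or from the Scirius project: it reads EVE JSON lines (a constructed sample is embedded), tallies the distinct `host` values they carry, and reports whether the configured probe name matches any of them. The assumption that Scirius matches on the event `host` field is taken from the thread's fix, not from Scirius source.

```python
import json
from collections import Counter

# Constructed sample of EVE JSON lines in the shape Suricata writes and Logstash ships.
# The "host" value and signature ids here are made up for the example.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2019-08-19T14:35:00.000000+0000","event_type":"alert",'
    '"host":"ids-probe-01","alert":{"signature_id":2100498}}',
    '{"timestamp":"2019-08-19T14:35:01.000000+0000","event_type":"stats",'
    '"host":"ids-probe-01"}',
    '{"timestamp":"2019-08-19T14:35:02.000000+0000","event_type":"alert",'
    '"host":"ids-probe-01","alert":{"signature_id":2010935}}',
    'not json at all',  # a truncated or corrupt line, which the parser must skip
]


def hosts_in_events(lines):
    """Count distinct values of the `host` field across EVE JSON lines.

    Lines that are not valid JSON or carry no `host` field are skipped, so a
    partially written log file does not abort the check.
    """
    counts = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        host = event.get("host")
        if host:
            counts[host] += 1
    return counts


def check_probe_name(configured_name, lines):
    """Compare the probe name configured in Scirius against the hosts seen in events.

    Returns (ok, message). `ok` is False when no event carries the configured
    name, which is the situation the issue describes (hypothetical check,
    assumes Scirius filters on the event `host` field).
    """
    counts = hosts_in_events(lines)
    if not counts:
        return False, "no events with a host field found"
    if configured_name in counts:
        return True, f"{counts[configured_name]} events match probe name {configured_name!r}"
    return False, (f"probe name {configured_name!r} matches no events; "
                   f"hosts seen: {sorted(counts)}")


if __name__ == "__main__":
    # The default probe name from a fresh install versus the name the events actually carry.
    for name in ("suricata", "ids-probe-01"):
        ok, msg = check_probe_name(name, SAMPLE_EVE_LINES)
        print("OK  " if ok else "FAIL", msg)
```

To run it against a real deployment, feed it the lines of your eve.json (or the documents returned by an Elasticsearch query on the Suricata indices) together with the name set under scirius > suricata > edit; a FAIL with a non-empty "hosts seen" list tells you exactly which value to enter.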