Problem with viewing Alerts on Scirius page

[ghost]

stamus.error.log shows multiple entries line this

connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.101, server: selks, request: "GET /rules/info?query=memory HTTP/1.1", upstream: "fastcgi://[::1]:8080", host: "selks.foo.bar", referrer: "https://selks.foo.bar/rules/ruleset/"

Tried on two OSX systems (el capitan and snow leopard)

ElasticSearch/Kibana pages (ones with maps etc) work ok.

Access to Scirus page is https://selks.foo.bar

[pevma]

If you go to scirius -> suricata -> edit and change the first field NAME to match your hostname -would that help?

[ghost]

Hi Its was set to selks.foo.bar prior to me raising an issue.

Is it supposed to be a fqdn?

[pevma]

ok -so what is the hostname?

[ghost]

The hostname is selks.foo.bar

[snaki4]

Good morning,

Same issue seen by me. You do probably runs elastic 5.x where .raw has been changed to .keyword. This obligated you to change local_settings.py or settings.py with:

from ELASTICSEARCH_KEYWORD = "raw"

to ELASTICSEARCH_KEYWORD = "keyword"

[stamus]

@snaki4 - did that change fix the issue for you on Elasticsearch 5?

-- Regards, Peter Manev

On 17 Jan 2017, at 04:21, snaki4 notifications@github.com wrote:

Good morning,

Same issue seen by me. I have changed hostname under web interface, checked that that hostname populated in the elasticsearch database, but stats aren't being showed up on the dashboard :(

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[schulerjoe]

I can confirm that setting ELASTICSEARCH_KEYWORD = "keyword" made it work for me with Elasticsearch 5.

[tsikerdekis]

Can someone put this thread somewhere more visible. I had the same exact issue and indeed the solution of changing the name under suricata on scirius fixed the issue