Category: Security Onion
Security Onion running out of space in the /nsm filesystems?
If you have insufficient space for Security Onion’s /nsm filesystems, then consider adjusting these parameters in the SOC (Administration > Configuration):
Installing GNU Screen on SecurityOnion
Running the command sudo soup on your manager node gives you this warning: WARNING: If you run soup via an SSH session and that SSH session terminates, then any processes running in that session would terminate. You should avoid leaving soup unattended especially if the machine you are SSHing from is configured to sleep after […]
Shell scripts for Security Onion manager node
For some reason a rebooted Security Onion manager node is perceived as a combined manager-search node (this is my hypothesis), filling up the /nsm filesystem with unnecessary, large amounts of data. Here are four shell scripts I find useful.
Security Onion 2.4.40 and so-elastalert running on the manager
We upgraded our Security Onion nodes today. We really had no choice. I was surprised to see the so-elastalert container normally running on the manager being unable to start. I happened to glance at the release notes, and tried the commands suggested there. Suffice it to say, I got nowhere.
Security Onion 2.4.30, Zeek 6.0.2, and single IPv4 address in $HOME_NET
If Zeek on your forward node (sensor) keeps restarting and its detailed status never changes from “health: starting” to simply “healthy,” have a look at zeek.config.networks.HOME_NET in the Grid Configuration.