PCAP Jobs are all "Incomplete" #10574
I have a fresh install of 2.3.250. When I run `so-status`, all of the services appear to be running. When I drill down into an alert and then try to use the action menu to pull the PCAP, I get an "Incomplete" error every time. I checked the pcap folder, and it's clearly filling with data.

The only non-standard configuration is the steps outlined here: #2164, to store PCAP on spinning rust and use the SSDs for everything else.

Server specs are: Dell R730

I added the following line to fstab:

```
/dev/sda /mnt/pcap xfs defaults,noatime 0 0
```

I've attached a few screenshots to illustrate the workflow and troubleshooting steps I've taken.

This is the output of `ls -alh` for the directory `/nsm/pcap/`
Replies: 1 comment
I'd start by checking the log files in `/opt/so/log/`. If that doesn't help, then you might want to install a fresh copy of Security Onion on a separate machine (perhaps in a VM) and compare the systems side-by-side looking for differences in file permissions, ownership, SELinux context, etc.
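One way to do the side-by-side comparison suggested in the reply, as an added example that is not part of the thread or of Security Onion's own tooling: snapshot mode, owner, group and SELinux context for a directory tree on each host, then diff the two manifests. The function names `meta_manifest` and `meta_diff` are hypothetical, and GNU `stat`, `find`, `sort` and `xargs` are assumed.

```shell
# Added example (not Security Onion tooling). Function names are hypothetical.
# Assumes GNU stat/find/sort/xargs.

# meta_manifest DIR [DEPTH]
# Prints one line per entry: mode owner group selinux-context relative-path.
# Paths are relative to DIR so manifests from two hosts line up in diff.
meta_manifest() {
    local root="$1" depth="${2:-2}" fmt='%a %U %G %C'
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # %C errors out where SELinux is unavailable; use "-" as a placeholder
    # so the remaining columns can still be compared.
    stat -c '%C' "$root" >/dev/null 2>&1 || fmt='%a %U %G -'
    (
        cd "$root" || exit 1
        # Sorted, NUL-delimited names keep the output order stable across
        # hosts. The depth limit avoids listing every capture file in a
        # busy PCAP directory.
        find . -maxdepth "$depth" -print0 | sort -z |
            xargs -0 -r stat -c "$fmt %n"
    )
}

# meta_diff MANIFEST_A MANIFEST_B
# Prints a unified diff of two manifests; returns non-zero when they differ.
meta_diff() {
    diff -u "$1" "$2"
}
```

Run `meta_manifest /nsm/pcap > pcap.$(hostname).txt` (and the same for `/opt/so/log`) on both the problem host and the fresh install, copy the files to one machine, and pass them to `meta_diff`. A mount point such as the one added in fstab above will show up here if its ownership or SELinux context differs from the directory a default install creates.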