Security Onion loads not functional gives 500 error and Containers "so-elastalert" "so-elasticsearch""so-suricata" missing

[pastorlibre]

Version

2.4.3

Installation Method

Security Onion ISO image

Description

other (please provide detail below)

Installation Type

Eval

Location

cloud

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

32

Storage for /

1tb

Storage for /nsm

dont see it

Network Traffic Collection

other (please provide detail below)

Network Traffic Speeds

Less than 1Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

No, there are no failures

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

I am trying to get back into our security onion and getting error message on main dashboard 500, then when going to the elastic fleet or Kibana I get a message saying "Kibana server is not ready yet." also I do know I have alerts in the logs about having only 15% 158gb free but I don't think that would cause my issues. If I do a status of services I get 4 are missing. I am new to security onion so not sure what to do as google is not much help.

so-curator │ running │ Up About an hour
so-dockerregistry │ running │ Up 2 hours
so-elastalert │ missing │
so-elastic-fleet │ running │ Up 8 minutes
so-elastic-fleet-package-registry │ running │ Up About an hour (healthy)
so-elasticsearch │ missing │
so-idstools │ running │ Up About an hour
so-influxdb │ running │ Up About an hour (healthy)
so-kibana │ running │ Up About an hour
so-kratos │ running │ Up About an hour
so-logstash │ running │ Up About an hour
so-mysql │ running │ Up About an hour (healthy)
so-nginx │ running │ Up About an hour (healthy)
so-playbook │ running │ Up 50 minutes
so-redis │ running │ Up About an hour
so-sensoroni │ running │ Up About an hour
so-soc │ running │ Up About an hour
so-soctopus │ running │ Up 50 minutes
so-steno │ running │ Up About an hour
so-strelka-backend │ running │ Up About an hour
so-strelka-coordinator │ running │ Up About an hour
so-strelka-filestream │ running │ Up About an hour
so-strelka-frontend │ running │ Up About an hour
so-strelka-gatekeeper │ running │ Up About an hour
so-strelka-manager │ running │ Up About an hour
so-suricata │ missing │
so-telegraf │ running │ Up About an hour
so-zeek │ missing │

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[dougburks]

You say above that you are using Security Onion 2.4.3? That was the old Beta 4 release from before 2.4 reached General Availability:
https://docs.securityonion.net/en/2.4/release-notes.html

From https://blog.securityonion.net/2023/07/security-onion-24-beta-4-release-now.html:

Upgrades from this 2.4 Beta release to anything else will not be supported.

Your best bet would be to download the latest 2.4.30 ISO image and perform a fresh installation:
https://securityonion.net/download

[pastorlibre]

Thank you I meant 2.4.30, it started working out of the blue, I am not sure what was going on..

[Huy-NQ177]

Same issues with version 2.4.30, so-elasticsearch and so-elastalert are missing many times. when i reboot 1st time, it works well but errors appeared after a few days

[dougburks]

@Huy-NQ177 From #1720:

Start a new discussion instead of replying to somebody else's discussion
Please search to see if you can find similar discussions that may help you. However, in order to avoid confusion, please do NOT reply to somebody else's discussion with your own issue. Instead, please start a new discussion and in that new discussion you can provide a hyperlink to the related discussion.