Logstash missing on fresh install. Twice in a row #11926
Replies: 6 comments
-
|
You specify above that your version is 2.4.3. Is that correct? That was an old Beta version. You also specify that the installation type was Standalone. On the installation type screen, did you select Standalone or did you perhaps select Eval? If you don't remember what you picked, you can run the following command: If you chose Eval, then please note that Evaluation Mode does not run Logstash at all: |
Beta Was this translation helpful? Give feedback.
-
|
I just verified that my installation type is Standalone. As for the version of install, it was the most recent verision available for download yesterday. I compared the SHA256 checksum and it came back correct.
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Doug Burks ***@***.***>
Sent: Monday, December 4, 2023 12:28:41 PM
To: Security-Onion-Solutions/securityonion ***@***.***>
Cc: Darren Schmitz ***@***.***>; Author ***@***.***>
Subject: Re: [Security-Onion-Solutions/securityonion] Logstash missing on fresh install. Twice in a row (Discussion #11926)
You specify above that your version is 2.4.3. Is that correct? That was an old Beta version.
You also specify that the installation type was Standalone. On the installation type screen, did you select Standalone or did you perhaps select Eval?
image.png (view on web)<https://github.com/Security-Onion-Solutions/securityonion/assets/1659467/0cd59f9d-a69b-47e9-8a19-6cf8ab178e5e>
If you don't remember what you picked, you can run the following command:
sudo grep "Node Type" /root/sosetup.log
If you chose Eval, then please note that Evaluation Mode does not run Logstash at all:
https://docs.securityonion.net/en/2.4/architecture.html#evaluation
—
Reply to this email directly, view it on GitHub<#11926 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A5SUG2NCMQYPZD6VJQB3C33YHYI5TAVCNFSM6AAAAABAFFQBHKVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TONJWGM3TE>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
What is the output of the following? |
Beta Was this translation helpful? Give feedback.
-
|
There is no output when I run that command.
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Doug Burks ***@***.***>
Sent: Monday, December 4, 2023 1:24:05 PM
To: Security-Onion-Solutions/securityonion ***@***.***>
Cc: Darren Schmitz ***@***.***>; Author ***@***.***>
Subject: Re: [Security-Onion-Solutions/securityonion] Logstash missing on fresh install. Twice in a row (Discussion #11926)
What is the output of the following?
sudo docker images |grep logstash
—
Reply to this email directly, view it on GitHub<#11926 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A5SUG2NXTAR7UAZZMRBT2HLYHYPNLAVCNFSM6AAAAABAFFQBHKVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TONJWHAZTO>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Were there any errors when you ran Setup? Are you able to share /root/sosetup.log? |
Beta Was this translation helpful? Give feedback.
-
|
I caved and reuploaded my ISO file to my ESXi and tried reinstalling for the 3rd time. This time there were no issues. I apologize for the inconvenience.
Thank you!
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Doug Burks ***@***.***>
Sent: Monday, December 4, 2023 1:38:39 PM
To: Security-Onion-Solutions/securityonion ***@***.***>
Cc: Darren Schmitz ***@***.***>; Author ***@***.***>
Subject: Re: [Security-Onion-Solutions/securityonion] Logstash missing on fresh install. Twice in a row (Discussion #11926)
Were there any errors when you ran Setup?
Are you able to share /root/sosetup.log?
—
Reply to this email directly, view it on GitHub<#11926 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A5SUG2LC5AQ327FYJB3BRSTYHYRD7AVCNFSM6AAAAABAFFQBHKVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TONJWHE2TK>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.3
Installation Method
Security Onion ISO image
Description
installation
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
8
RAM
32
Storage for /
200
Storage for /nsm
200
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
No, one or more services are failed (please provide detail below)
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Logstash missing, have tried so-logstash-restart --force hoping it would reinstall. Still comes up with it missing. Have tried fresh install twice. There are no logs in /opt/so/log/logstash
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions