All you should have to do is add the IP in the below section, there is already a portgroup for 5044 for a managersearch node.
How are you sending the Sysmon logs? You should be using the Elastic Agent installed on that Windows endpoint, in which case you would need to add the endpoint's IP address to the elastic_agent_endpoint host group, not beats_endpoint.
Version: 2.4.30
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 32
RAM: 48
Storage for /: 100
Storage for /nsm: 3.5 TB
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail:
Hello,
I am currently having an issue with Security Onion 2.4.30 and opening port 5044 on the firewall to ingest the Sysmon logs into Logstash. My current architecture is one manager search node and another heavy node. I checked the manager search node and port 5054 is listening on 0.0.0.0:5044; however, I am unable to open the port on either the manager search node or the heavy node. I have tried everything in the docs and nothing seems to work. I would appreciate your help. I leave some screenshots below.