SO Failing to Start

[zillion08]

Version

2.4.80

Installation Method

Security Onion ISO image

Description

upgrading

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

20

Storage for /

400

Storage for /nsm

200

Network Traffic Collection

tap

Network Traffic Speeds

Less than 1Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

Hi everyone.

New here so sorry if this is not how to do things.

Running a 2.4.x standalone environment and recently did the soup command and now has most of the so-status services in a state of missing. Thought that it was okay beings I wanted to move to a distributed environment anyway.
Got everything installed, Forward and Search nodes setup etc. Did notice that the mgr was showing that elasticsearch was in a state of error. Going into kibana, it would say that shards were missing. Remembering that I forgot to do soup, thinking it would fix it, I ran the command and now the stack is in the same error as my standalone environment.

                Security Onion Status
                     Container │ Status  │       Details

───────────────────────────────────┼─────────┼───────────────
so-dockerregistry │ running │ Up 34 minutes
so-elastalert │ missing │
so-elastic-fleet │ missing │
so-elastic-fleet-package-registry │ missing │
so-elasticsearch │ missing │
so-idstools │ missing │
so-influxdb │ missing │
so-kibana │ missing │
so-kratos │ running │ Up 34 minutes
so-logstash │ missing │
so-nginx │ missing │
so-redis │ missing │
so-sensoroni │ missing │
so-soc │ missing │
so-telegraf │ missing │

Can't access gui.

I've included soup.log, the command result for sudo salt -C 'G@role:so-searchnode or G@role:so-sensor' state.highstate -linfo and so-checkin.

20240719-soup-log.txt
20240719-highstate.txt
20240719-so-checkin.txt

Any help would be appreciated.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[dougburks]

Please download the 2.4.80 ISO image and verify it as shown at https://securityonion.net/download. Then perform a fresh installation but make sure you follow the documentation:
https://docs.securityonion.net/en/2.4/hardware.html
https://docs.securityonion.net/en/2.4/best-practices.html
https://docs.securityonion.net/en/2.4/firewall.html#internet-communication
https://docs.securityonion.net/en/2.4/firewall.html#node-communication

In particular, make sure that your Security Onion manager has full Internet access and nodes have full access to the manager as shown in those last 2 links.