Intel.log isn't generated #13828
Intel.log isn't generated
#13828
Replies: 1 comment
-
|
Issue solved itself |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.100
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
airgap
Hardware Specs
Meets minimum requirements
CPU
6
RAM
16
Storage for /
500
Storage for /nsm
500
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
Hello,
I'm experiencing an issue where Zeek isn't generating the intel.log file. I have a distributed Security Onion deployment with multiple remote sensors, and everything is functioning properly except for the Intel framework.
I followed the installation steps from the documentation for enabling Intel, specifically using the command:
sudo cp /opt/so/saltstack/default/salt/zeek/policy/intel/* /opt/so/saltstack/local/salt/zeek/policy/intel/I also checked the formatting of my Intel file, ensuring there were no leading spaces or incorrect formats, and everything looks fine.
When I ran
docker logs so-zeek, I noticed many workers seem stuck in the"initializing"state. To troubleshoot, I reinstalled one of my sensors directly onto iDRAC 9 hardware (without virtualization) as a standalone system, but the issue persists—no intel.logis being generated.Here is a screenshot of my Intel file:
I'm confident that the node has network visibility, as I can see entries to Reddit from its IP.
P.s I tried different addresses in intel file, and nothing has changed.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions