OTX integration #6110

mbaki · 2021-11-04T17:26:10Z

mbaki
Nov 4, 2021

Hi all,

By mistake I ran https://raw.githubusercontent.com/weslambert/securityonion-otx/master/securityonion-otx on my sensor (distributed architecture) and now so-status shows zeek as "missing" how can I revert back.
Do I need to install it on my manager?

Thanks
Monah

Answered by weslambert

Nov 8, 2021

Hi @mbaki ,

You should run the script on the manager. I'm not sure if the script would affect anything on the sensor, since it is looking for the directory structure that exists on the manager, however, you can troubleshoot by reviewing /nsm/zeek/logs/current/reporter.log or docker logs so-zeek (but from your report, it sounds like a container may not be built yet). You may also try so-zeek-start to attempt to start it back up.

View full answer

weslambert · 2021-11-08T12:55:18Z

weslambert
Nov 8, 2021

Hi @mbaki ,

You should run the script on the manager. I'm not sure if the script would affect anything on the sensor, since it is looking for the directory structure that exists on the manager, however, you can troubleshoot by reviewing /nsm/zeek/logs/current/reporter.log or docker logs so-zeek (but from your report, it sounds like a container may not be built yet). You may also try so-zeek-start to attempt to start it back up.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OTX integration #6110

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

OTX integration #6110

Uh oh!

Uh oh!

mbaki Nov 4, 2021

Replies: 1 comment

Uh oh!

weslambert Nov 8, 2021

mbaki
Nov 4, 2021

weslambert
Nov 8, 2021