Not seeing alert in manager nod #6653

grakesh-061 · 2021-12-21T16:44:06Z

grakesh-061
Dec 21, 2021

Hello everyone.

I have this setup of forward and a manager node (no search node).
I also have a kali and a win 10 machine. All on Virtual box.
I am unable to see any nmap scan alerts (from Kali to win10) on manager node as I used to see in eval mode.
Verified all host group have the right port groups.

Am I missing anything ? much appreciate your inputs

Answered by dougburks

Dec 22, 2021

From https://docs.securityonion.net/en/2.3/architecture.html#distributed:

If you install a dedicated manager node, you must also deploy one or more search nodes. Otherwise, all logs will queue on the manager and have no place to be stored. If you are limited on the number of nodes you can deploy, you can install a manager search node so that your manager node can act as a search node and store those logs. However, please keep in mind that overall performance and scalability of a manager search node will be lower compared to our recommended architecture of dedicated manager node and separate search nodes.

View full answer

dougburks · 2021-12-22T15:21:29Z

dougburks
Dec 22, 2021
Maintainer

From https://docs.securityonion.net/en/2.3/architecture.html#distributed:

If you install a dedicated manager node, you must also deploy one or more search nodes. Otherwise, all logs will queue on the manager and have no place to be stored. If you are limited on the number of nodes you can deploy, you can install a manager search node so that your manager node can act as a search node and store those logs. However, please keep in mind that overall performance and scalability of a manager search node will be lower compared to our recommended architecture of dedicated manager node and separate search nodes.

2 replies

grakesh-061 Dec 23, 2021
Author

Thank you very much for this feedback. I will try installing a search node and update here.

grakesh-061 Dec 27, 2021
Author

hi Doug,
I installed seach node and was able to see some alerts. But I am not seeing some expected alerts.
In my setup I have Kali, win10 along with Forward, search and manager node.
I tried doing a port scan on win10 from Kali, Ideally this scan has to be detected (it was detected in the standalone mode). wanted to know if I am missing on something. Appreciate your inputs

grakesh-061 · 2021-12-27T11:13:48Z

grakesh-061
Dec 27, 2021
Author

hi Doug,
I installed seach node and was able to see some alerts. But I am not seeing some expected alerts.
In my setup I have Kali, win10 along with Forward, search and manager node.
I tried doing a port scan on win10 from Kali, Ideally this scan has to be detected (it was detected in the standalone mode). wanted to know if I am missing on something. Appreciate your inputs

1 reply

dougburks Dec 28, 2021
Maintainer

We've resolved your original problem of missing a search node and this discussion has been marked as answered.

If you have further questions or problems, please create a new discussion and provide more details about what you are or are not seeing.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Not seeing alert in manager nod #6653

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Not seeing alert in manager nod #6653

Uh oh!

grakesh-061 Dec 21, 2021

Replies: 2 comments · 3 replies

Uh oh!

dougburks Dec 22, 2021 Maintainer

Uh oh!

grakesh-061 Dec 23, 2021 Author

Uh oh!

grakesh-061 Dec 27, 2021 Author

Uh oh!

grakesh-061 Dec 27, 2021 Author

Uh oh!

dougburks Dec 28, 2021 Maintainer

grakesh-061
Dec 21, 2021

Replies: 2 comments 3 replies

dougburks
Dec 22, 2021
Maintainer

grakesh-061 Dec 23, 2021
Author

grakesh-061 Dec 27, 2021
Author

grakesh-061
Dec 27, 2021
Author

dougburks Dec 28, 2021
Maintainer