Elastic and Sec Onion manger not getting Zeek logs

farmertom · June 18, 2024, 11:01pm

Hello,

I have setup a Sec onion search manager and a sec onion sensor setup in esxi. The manager has accepted the sensor into the grid and its says everything is working. But when I go to hunt in the sec onion web interface or elastic I can not see any zeek logs. When i check to see if the sensor is getting netwrok traffic I can see that it is, and the zeek logs are filling up with netwrok traffic. I can not find any errors in any of my logs?

I am guessing I am just missing something really dumb. But I could really use some help.

I found the ANSWER, See below.

nfeekery · June 19, 2024, 9:08am

From Elastic Search to Elasticsearch

farmertom · June 23, 2024, 3:49pm

ANSWER:

I setup the Sec onion VM on ESXI and when setting up Sec Onion I selected centos7 which was making the problem. Once I read Sec Onions documentation on how to setup Security Onion on ESXI I saw that I needed to select the OS as linux and Oracle Linux 9.x.
Here is the link to the documentation:

system · July 21, 2024, 3:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Suricata Agent Integration - Unable to grab eve.json Endpoint Security	1	618	July 23, 2021
Issue getting Zeek logs into Kibana Kibana elastic-agent	4	808	June 2, 2022
ElasticSearch service shows "active running" but it's not listening on port 9200, and no logs are being written Elasticsearch	2	6128	October 18, 2018
ELK - SO Security correlations Logstash elastic-stack-monitoring , elastic-stack-alerting	2	259	July 21, 2020
ES Not Starting and No Logs On Azure Ubuntu Instance Elasticsearch	2	544	March 19, 2018

Elastic and Sec Onion manger not getting Zeek logs

Related topics