Hello,

I recently deployed the last security onion distribution and configured a production mode installation of the system. The configuration ran successfully, but when myself or other analysts try to log into the Kibana web interface, the screen just refreshes without an error on the web browser.

I pulled up the kibana.log file and was met with a healthy amount of errors. Not sure how to correlate it with my login problem, but it is there. I'll attach the last few entries of the log here (Would surpass the 7k character max by a healthy margin)

{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",
{"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":,"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"/","proxy-connection":"Keep-Alive","kbn-xsrf":"true", {"type":"response","@timestamp":"2019-10-29T17:44:14Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/kibana/dashboards/import?force=true","method":"post","headers":{"host":"localhost:5601","user-agent":"curl/7.47.0","accept":"*/*","proxy-connection":"Keep-Alive","kbn-xsrf":"true",

kibana.yml config:

Default Kibana configuration from kibana-docker.

server.name: kibana
server.host: "0"
elasticsearch.url: http://elasticsearch:9200
elasticsearch.username: elastic
elasticsearch.password: changeme
xpack.monitoring.ui.container.elasticsearch.enabled: true
logging.dest: /var/log/kibana/kibana.log

Any help would be appreciated. Again, Security Onion deployment worked successfully, but I cannot login with elastic superuser nor can analysts login with their accounts. Web UI just flashes and does not load the Kibana interface

UPDATE:

Used the incorrect login credentials (was using elastic default username and password). Was able to login with kibana accounts after creation. I neglected to use the kibana account I created during setup thinking that the elastic super user can be used on Kibana.

Hello,

thanks for keeping us posted. But you should be able to use elastic super user account on Kibana. Not sure whats happening there.

Glad it worked though.

Cheers,
Bhavya

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.