Samiux's Blog

Open Source is a great idea and it has changed the world! Open Source forever ....

While you do not know attack, how can you know about defense? (未知攻,焉知防?)

Do BAD things .... for the RIGHT reasons -- OWASP ZAP

It is easier to port a shell than a shell script. -- Larry Wall

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall

为天地立心，为生民立命，为往圣继绝学，为万世开太平。 -- 王炜

Monday, March 30, 2015

HOWTO : Trouble Shooting for Croissants

There may be a chance that your Croissants not working. We now talking about how to trouble shoot it.

Step 1 :

To see if "suricata", "pigsty" and "snorby" are working (existing) or not.

sudo ps aux | grep suricata

sudo ps aux | grep pigsty

sudo ps aux | grep delayed

Step 2 :

If you encounter no alert on the Snorby, you can check if the "unified2.alert.*" is there. Please also note that it should be only one "unified2.alert.*" file.

ls /var/log/suricata

If you find more than one unified2.alert.*, delete the oldest and keep the current. Or simply delete all and then reboot.

Step 2a :

One more area to check for no alert is at Snorby.

Open the browser and point to the Snorby. "Administration" -- "Worker & Job Queue" is showing "OK" at the "Status".

Step 3 :

If you encounter any error, you can try to reboot the sensor (Croissants) to see if the problem is gone or not.

Step 4 :

To check the suricata.log to see if there is any error.

nano /var/log/suricata.log

That's all! See you.