Monday, March 30, 2015

HOWTO : Troubleshooting for Croissants

There may be a chance that your Croissants sensor is not working. This post walks through how to troubleshoot it.

Step 1 :

Check whether the "suricata", "pigsty" and "snorby" processes are running. Snorby's worker runs as a delayed_job process, so the third command greps for "delayed". Note that the grep command itself also shows up in the output; look for the real process line, not the grep.

sudo ps aux | grep suricata
sudo ps aux | grep pigsty
sudo ps aux | grep delayed


Step 2 :

If you see no alerts in Snorby, check that a "unified2.alert.*" file exists in the Suricata log directory. Note that there should be only one "unified2.alert.*" file.

ls /var/log/suricata

If you find more than one unified2.alert.* file, delete the older ones and keep the newest (Suricata appends a Unix timestamp to the file name, so the largest number is the current file). Alternatively, delete them all and reboot. Either way, any alerts in the deleted files that Pigsty had not yet imported are lost.

Step 2a :

Another place to check when there are no alerts is Snorby itself.

Open Snorby in a browser and go to "Administration" -- "Worker & Job Queue". The "Status" there should show "OK". If it does not, the worker is not processing events and needs to be started again.

Step 3 :

If you encounter any error, rebooting the sensor (Croissants) is a quick first thing to try. Then repeat the checks above to see whether the problem is gone.

Step 4 :

Check suricata.log for errors. Suricata tags each line with its level, so look for lines containing <Error> or <Warning>.

nano /var/log/suricata.log
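The checks from Steps 1, 2 and 4 above, collected into one script you can run on the sensor. This is an added example for this page, not a script shipped with Croissants. It assumes the paths the post uses (unified2 files in /var/log/suricata, the Suricata log at /var/log/suricata.log) and that Snorby's worker shows up as delayed_job in the process list; the script name croissants-check.sh is my own choice. Unlike the ps | grep form, it reads /proc directly so the check cannot match itself.

```shell
#!/bin/sh
# croissants-check.sh: Steps 1, 2 and 4 of the post as one script.
# Added example for this page, not part of Croissants itself.
# Assumed paths come from the post; override them with the two variables below.

SURICATA_DIR="${SURICATA_DIR:-/var/log/suricata}"
SURICATA_LOG="${SURICATA_LOG:-/var/log/suricata.log}"

# Step 1: is any process whose command line contains $1 running?
# Walks /proc instead of "ps aux | grep x" so the grep cannot match itself.
# Prints 1 or 0 and returns 0 (running) or 1 (missing).
check_process() {
    pattern="$1"
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if tr '\0' ' ' < "$f" 2>/dev/null | grep -q -- "$pattern"; then
            echo 1; return 0
        fi
    done
    echo 0; return 1
}

# Step 2: count the unified2.alert.* spool files in directory $1.
# The post expects exactly one, so anything else is worth a look.
count_unified2() {
    n=0
    for f in "$1"/unified2.alert.*; do
        [ -e "$f" ] || continue        # the glob matched nothing
        n=$((n + 1))
    done
    echo "$n"
}

# Step 2: the newest spool file, i.e. the one to keep. Suricata appends a
# Unix timestamp to the name, so a plain sort puts the current file last.
newest_unified2() {
    ls "$1"/unified2.alert.* 2>/dev/null | sort | tail -n 1
}

# Step 4: count Suricata log lines tagged <Error> or <Warning> in file $1.
# Prints 0 and returns 1 when the log cannot be read.
count_log_errors() {
    [ -r "$1" ] || { echo 0; return 1; }
    grep -c -E '<Error>|<Warning>' "$1" || true   # grep -c exits 1 on zero matches
}

main() {
    rc=0
    # delayed_job is Snorby's worker (the post greps for "delayed"); assumed name.
    for p in suricata pigsty delayed_job; do
        if [ "$(check_process "$p")" = 1 ]; then
            echo "OK       $p is running"
        else
            echo "MISSING  $p is not running (Step 1)"; rc=1
        fi
    done

    n=$(count_unified2 "$SURICATA_DIR")
    if [ "$n" -eq 1 ]; then
        echo "OK       one unified2 file: $(newest_unified2 "$SURICATA_DIR")"
    else
        echo "CHECK    $n unified2.alert.* files in $SURICATA_DIR (Step 2: expect 1)"
        [ "$n" -gt 1 ] && echo "         keep $(newest_unified2 "$SURICATA_DIR"), remove the rest"
        rc=1
    fi

    e=$(count_log_errors "$SURICATA_LOG") || echo "CHECK    cannot read $SURICATA_LOG"
    if [ "$e" -gt 0 ]; then
        echo "CHECK    $e error/warning lines in $SURICATA_LOG (Step 4), last 5:"
        grep -E '<Error>|<Warning>' "$SURICATA_LOG" | tail -n 5
        rc=1
    else
        echo "OK       no <Error>/<Warning> lines in $SURICATA_LOG"
    fi
    return $rc
}

# Run the checks only when executed as the script, not when sourced for its functions.
case "${0##*/}" in croissants-check.sh) main ;; esac
```

Save it as croissants-check.sh and run `sudo sh croissants-check.sh`; a non-zero exit status means at least one check needs attention, and the output tells you which step of the post to go back to. Sourcing the file instead gives you the individual functions, for example `count_log_errors /var/log/suricata.log`.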

That's all! See you.