1
Zenarmor (Sensei) / Re: External Elasticsearch 'not running'
« on: September 30, 2020, 11:28:33 am »Can you send a bug report by selecting all checkboxes? It is the upper right corner of Sensei GUI.
Done. Thanks
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Can you send a bug report by selecting all checkboxes? It is the upper right corner of Sensei GUI.
Elastic Search Database (https.//search.domain.co.9200) cannot be reached
curl --user elastic:elastic123 --insecure -X GET "https://search.domain.co:9200/?pretty"
{
"name" : "server1.cloudapp.azure.com",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "some-random-string",
"version" : {
"number" : "7.9.2",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "some-random-string",
"build_date" : "2020-09-23T00:45:33.626720Z",
"build_snapshot" : false,
"lucene_version" : "8.6.2",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
❯ curl -u elastic:changeme -kL https://search.domain.co
{
"name" : "server1.cloudapp.azure.com",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "some-random-string",
"version" : {
"number" : "7.9.2",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "some-random-string",
"build_date" : "2020-09-23T00:45:33.626720Z",
"build_snapshot" : false,
"lucene_version" : "8.6.2",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
https://search.domain.co
So, adding the URL as https://search.domain.co:443
seemed to work and i could complete the setup.Elasticsearch service is not running!
In order to view reports, you need to start Elasticsearch service.
Elastic Search Database (https.//search.domain.co.443) cannot be reached. Please check your network connectivity and make sure the remote database is up and running.
load_dn_aqm dn_aqm PIE loadedmessage that's the last thing on the console is the issue - this message appears related to the Shaper config I have setup.
Squid proxy maybe? IPFW (as in shaper or captive portal) has been know to block squid start.
load_dn_aqm dn_aqm PIE loaded
load_dn_aqm dn_aqm PIE loaded
Not wanting to hijack someone's thread, especially whilst fixing the problem is still in progress...
But I'm interested to see how this works out. I've just installed Maltrail and also getting no events showing in the GUI (but it's only been running ~20 minutes, so will wait a while longer
But it is currently causing problems and if my firewall doesn't work properly after a restart, I have no choice but to uninstall sensei.
Don't use tagged and untagged packet on the same interface with Sensei
There is no one. It's from BSD. Don't use tagged and untagged packet on the same interface with Sensei. Try it and give feedback, please...
If you have free port enable it without set an IP on it and name it TRUNK After this assign the VLANS on it. Not on the LAN port.