Standalone Evaluation - No Kibana Dashboard Data #1736
-
I was finally able to get the system installed using the ISO. so-status shows all green. I've so-allowed my local subnet for analysts so I can access the pages. I am seeing Alert and Hunt data. I am also forwarding my firewall syslog to SO and have allowed 514 inbound. I am not seeing any data in Kibana dashboards. I've checked /nsm/zeek/logs/current and see log data. Do I need to open more ports using so-allow? Thank you! I am getting closer.
Replies: 2 comments 2 replies
-
Here is a bit more detail. The z16.04 - Bro - HTTP dashboard shows zero entries. The http.log (/nsm/zeek/logs/current) file has plenty of data. Any suggestions as to why I am not seeing any data? All services are green. so-status: I am also not seeing any syslog data from my firewall. I've run tcpdump on port 514 with the source IP of my firewall and see incoming traffic.
-
The z16.04 - Bro - HTTP dashboard is only for folks who have done an in-place upgrade from Security Onion 16.04. Since you have a new installation of Security Onion 2.0, you'll want to look at the dashboard named Security Onion - HTTP.