HOWTO : Trouble Shooting for Croissants
There may be a chance that your Croissants not working. We now talking about how to trouble shoot it.
Step 1 :
To see if "
Step 2 :
If you encounter no alert on the Snorby, you can check if the "
If you find more than one
Step 2a :
One more area to check for no alert is at Snorby.
Open the browser and point to the Snorby. "
Step 3 :
If you encounter any error, you can try to reboot the sensor (Croissants) to see if the problem is gone or not.
Step 4 :
To check the suricata.log to see if there is any error.
That's all! See you.
Step 1 :
To see if "
suricata", "pigsty" and "snorby" are working (existing) or not.sudo ps aux | grep suricata
sudo ps aux | grep pigsty
sudo ps aux | grep delayedStep 2 :
If you encounter no alert on the Snorby, you can check if the "
unified2.alert.*" is there. Please also note that it should be only one "unified2.alert.*" file.ls /var/log/suricataIf you find more than one
unified2.alert.*, delete the oldest and keep the current. Or simply delete all and then reboot.Step 2a :
One more area to check for no alert is at Snorby.
Open the browser and point to the Snorby. "
Administration" -- "Worker & Job Queue" is showing "OK" at the "Status".Step 3 :
If you encounter any error, you can try to reboot the sensor (Croissants) to see if the problem is gone or not.
Step 4 :
To check the suricata.log to see if there is any error.
nano /var/log/suricata.logThat's all! See you.
