What are you trying to do with DestinationPort|in?
There should be an error entry in /opt/so/log/soc/sensoroni-server.log when you try and convert. What does that say?
Hello Chris,
Thank you for your reply.
I am trying to get these ports as a list without creating a rule for each of them. I was trying to convert, but it keeps giving me an error 500 as per the image.
I did not check the log; I will and let you know.
From: Chris Morgret ***@***.***>
Sent: Tuesday, May 26, 2026 6:50:32 AM
To: Security-Onion-Solutions/securityonion ***@***.***>
Cc: Herve Miezan ***@***.***>; Author ***@***.***>
Subject: Re: [Security-Onion-Solutions/securityonion] Issue to run the Convert rules in Kibana (Discussion #15922)
What are you trying to do with DestinationPort|in?
There should be an error entry in /opt/so/log/soc/sensoroni-server.log when you try and convert. What does that say?
Thanks, I will try and let you know.
From: Chris Morgret ***@***.***>
Sent: Wednesday, May 27, 2026 10:50:46 AM
To: Security-Onion-Solutions/securityonion ***@***.***>
Cc: Herve Miezan ***@***.***>; Author ***@***.***>
Subject: Re: [Security-Onion-Solutions/securityonion] Issue to run the Convert rules in Kibana (Discussion #15922)
Thanks, for the destination port, try using the field name destination.port then list your port numbers like you have them. Check to see if it converts. If you are still having issues and can post the text of the rule I can take a look at it.
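The field-name suggestion in the reply above, written out as a Sigma rule. This is an added example, not the poster's rule or Security Onion's own content; the title, placeholder id, logsource and port numbers are constructed assumptions.

```yaml
# Constructed example rule: every value here is illustrative.
title: Connection to a watched destination port (constructed example)
id: 00000000-0000-0000-0000-000000000000   # placeholder, generate a real UUID
status: experimental
description: Matches when the destination port is any one of the listed ports.
logsource:
  # Assumed logsource; use the one your existing working rules already use.
  category: network_connection
detection:
  selection:
    # A YAML list under a single field is OR-ed by Sigma:
    # the selection matches if destination.port equals any one entry,
    # so one rule covers all ports without a rule per port.
    destination.port:
      - 4444
      - 5555
      - 8081
  condition: selection
level: medium
```

If the conversion still fails, the error entry in /opt/so/log/soc/sensoroni-server.log mentioned earlier in the thread is the place to look.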
Version: 2.4.210
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 4
RAM: 24
Storage for /: 250
Storage for /nsm: 200
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
I am having an issue converting the new rules. All seems OK based on the previously created ones, but I don't know if it is because I am having multiple ports in my selection.
