SOC Disconnected (401) #8213
So my /nsm was at 99% for a few days when I wasn't monitoring the server and noticed Kibana wasn't available. I ran so-elastic-clear and removed all data, got nsm available to 50%. Now, I can't connect to the SOC -- looking at sensoroni-server.log I continually see:

timestamp=2022-06-29T19:41:03.678766206Z level=warn message="Request did not complete successfully" error="Access denied" requestId=e5f03e75-9541-4077-9f9e-a4e04a2ea9b5 requestor=null

so-status reports everything green except strelka + wazuh, which I have disabled. Any ideas on how to correct this? I would like to avoid rebuilding the VM. My IP is permitted to hit the web port; I double-checked the iptables. It just hammers the red banner 'Request failed with status code 401'.
Replies: 2 comments 4 replies
What version of Security Onion are you running? Have you checked the Elasticsearch logs for additional clues? Have you tried creating a new user account to see if that allows you to log in?
Did not compare any files -- backed up my configs/certs over sftp and did a fresh install. Everything working again though I lost Kibana dashboards and some playbook rules I could have tried saving. Don't know what caused that but this may be closed. Thank you support!