Kibana FPC points to /app/moloch, should be /moloch? #5
Comments
|
That is related to Scirius and Moloch set up combined toghether. in SELKS5 we have added config changes for both Scirius and Moloch (config) including adding a new user for the Moloch proxy during the execution of the first time set up script. |
|
Okay, then the NGINX configuration should be changed to redirect /app/moloch to /moloch. That should fix everything. Should I write a patch? Or you alter the Moloch configuration to listen on /app/moloch instead of /moloch. |
|
A patch for which part? SELKS or KTS6 i dont understand ? |
|
When I visit 'http://[ipadres]/app/moloch' I receive a bad request error. When I visit /moloch I am logged in directly without problems. |
|
yes - that is as expected on SELKS5 - it should work out of the box like this. |
|
But the link in Kibana points to /app/moloch, not /moloch. |
|
ok - what version of Scirius and moloch do you have? (you are on SELKS5 right?) |
|
Moloch version 1.6.1, Scirius version 3.0.1. I am on SELKS5, always the latest commits from SELKS5. I have some customizations for including Bro dashboards in Kibana, but they are on a separate index and do not conflict. The link in Kibana is simply pointing to the wrong location. |
|
If I alter the NGINX configuration to rewrite /app/moloch to /moloch, it works. But that is a ugly hack. |
|
you mean this here - https://github.com/StamusNetworks/SELKS/blob/SELKS5/staging/config/hooks/live/chroot-inside-Debian-Live.hook.chroot#L147 |
|
Yes, that's it. There two ways to fix this:
In hindsight altering the Moloch configuration seems like the simplest solution and more in line with the other apps (evebox on /app/evebox, kibana on /app/kibana). Just change webBasePath to /app/moloch. -edit- seems evebox is on /evebox, not /app/evebox, and /kibana is redirected to /app/kibana. There is little consistency here... ;) |
|
I think it had to do with the scripted fields in the Kibana dashboards as well. |
|
I made no changes to kibana.yml |
|
I think we made the change due to Kibana changes (one of their versions i think), we also changed the scripted fields in each of the dashboards as well (to point to |
|
You are correct, the scripted fields in Dashboards point to /moloch and not /app/moloch. The scripted fields in Discover point to /app/moloch. So you would need to change all the dashboards, but that's a simple find and replace, correct? |
|
I think we did with the purpose of all aps accessed via Scirius/SELKS to be done with |
|
Okay, this command should do it: |
|
I think we purposefully did it by design to be like that and not to follow the traditional way. |
Moloch redirection is handled by the root location. This is necessary for StamusNetworks/KTS6#5.
Hi,
Moloch can only be reached via http://localhost/moloch and not via http://localhost/app/moloch, despite the NGINX configuration specifying /app/moloch. When visiting /app/moloch you need to provide your credentials again, after which you'll receive the message "Bad Request". When visiting /moloch, everything works well.
In Kibana Discover, the FPC link in a network packet points to /app/moloch instead of /moloch, resulting in this error. Either move Moloch to /app/moloch, or alter the link in Kibana to point to /moloch.
I'm not sure why Moloch even runs on /moloch instead of /app/moloch, maybe that is the real bug, which is why I haven't committed a pull request.
Jeroen
The text was updated successfully, but these errors were encountered: