Hedgehog - logrotate service not starting #243
Assignees
Labels
Milestone
Comments
mmguero
added
arkime
|
Thanks, on Hedgehog the Arkime services (capture and viewer) are not running under systemd so these files shouldn't ever be written to (arkime's actual runtime logs on hedgehog would be found under /opt/sensor/sensor_ctl/log). I'll adjust the installer so that /opt/arkime/logs isn't included in logrotate any more. |
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Aug 16, 2023
… not where Arkime's log files are going. addresses idaholab#243 Signed-off-by: Seth Grover <mero.mero.guero@gmail.com>
|
Fixed for v23.09.0 release. |
This was referenced Sep 15, 2023
Merged
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jan 17, 2024
Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.
* Enhancements
- Replace Zeek's [misc/scan.zeek with ncsa/bro-simple-scan](https://github.com/zeek/zeek/blob/cdadc329859810244244c8800f0102543e4f134f/NEWS#L540-L541)
- terminate `start` and `restart` scripts once Malcolm has started properly (cisagov#240 and cisagov#241, thanks @Njinx)
- minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab#155)
+ Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs `./scripts/install.py --configure` in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
+ Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
+ Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
+ Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
- minor tweaks to defaults for `install.py --configure` (enable offline-capable file scanners by default)
- interrupt NetBox startup import script when `netbox-restore` is run
- added NetBox restore logic to `reset_and_auto_populate.sh` script (used mostly for demos and presentations)
* Component version updates
- Arkime to [v4.2.0](https://github.com/arkime/arkime/blob/93c89d68b25a4a56f7a6b8099a2661af9648ebaf/CHANGELOG#L39-L66)
- [OpenSearch](https://github.com/opensearch-project/OpenSearch/blob/bc50a2edcf29c3c41b7a777575c61e1874847d8a/release-notes/opensearch.release-notes-2.6.0.md) and [OpenSearch Dashboards](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/69bcbfeea9bb345364e47f048cd5bcfe64c9c242/release-notes/opensearch-dashboards.release-notes-2.6.0.md) to 2.6.0
- [Logstash](https://www.elastic.co/guide/en/logstash/current/releasenotes.html) from v8.4.0 to v8.6.1
- [Beats](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.6.2.html) to v8.6.2
- Zeek to [v5.0.7](https://github.com/zeek/zeek/releases/tag/v5.0.7)
- OpenSearch-Py to [v2.2.0](https://github.com/opensearch-project/opensearch-py/releases/tag/v2.2.0) (and remove opensearch-dsl which is now part of opensearch-py)
- Supercronic to [v0.2.2](https://github.com/aptible/supercronic/releases/tag/v0.2.2)
- Capa to [v5.0.0](https://github.com/mandiant/capa/releases/tag/v5.0.0)
- Fluent Bit to [v2.0.9](https://github.com/fluent/fluent-bit/releases/tag/v2.0.9)
- Version updates to various Python package dependencies
* Fixes
- last few seconds' Zeek logs prior to log rotation may be lost (idaholab#151)
- in ISO-packaged Malcolm installation `scripts` directory, symlink `netbox-backup` and `netbox-restore` to `control.py`
- improve opensearchpy connect/health check logig in `pcap_watcher.py` in `pcap-monitor` container
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It worked after running:
The text was updated successfully, but these errors were encountered: