This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Problem
Suppose Security Onion is installed in a VM and that VM is suspended today. Tomorrow, that VM is resumed. The VM may then update its OS date/time, either via NTP or virtualization tools. If that happens, then there is a mismatch because netsniff-ng is still writing pcap to a directory with the previous date on it. Attempting to pivot to pcap from Sguil/Squert/ELSA/Kibana will then fail.
Proposed Solution
Create a cron job that runs every minute. That cron job checks to see if:
netsniff-ng is enabled
netsniff-ng is running
netsniff-ng is writing to a date other than today's date
If all of the conditions above are true, then restart netsniff-ng so that it will start writing to today's date and log to a file that this corrective action was executed.
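One way to implement the proposed check, as an added example that is not Security Onion's own code. It assumes netsniff-ng writes under a dailylogs/YYYY-MM-DD/ directory, that the file it currently has open can be found through /proc/<pid>/fd, that an "enabled" flag lives in /etc/nsm/*/sensor.conf under a key here assumed to be PCAP_ENABLED, that nsm_sensor_ps-restart --only-pcap restarts only the pcap process, and that /var/log/nsm/pcap-date-check.log is an acceptable place to record the corrective action; every one of those is an assumption to verify against your install, and each is marked ASSUMED in the code.

```shell
#!/bin/sh
# Added example (not Security Onion's own code): one-minute cron check that restarts
# netsniff-ng when its open pcap file sits in a dailylogs/YYYY-MM-DD directory for a
# date other than today. Everything marked ASSUMED must be checked against your install.

CONF_GLOB='/etc/nsm/*/sensor.conf'                          # ASSUMED: per-sensor config location
ENABLED_PATTERN='^PCAP_ENABLED="yes"'                       # ASSUMED: key meaning pcap capture is enabled
RESTART_CMD='/usr/sbin/nsm_sensor_ps-restart --only-pcap'   # ASSUMED: restarts only the pcap process
LOG=/var/log/nsm/pcap-date-check.log                        # ASSUMED: where corrective actions are logged

# Append a timestamped line to $LOG (and to syslog when logger is available).
log_action() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >>"$LOG"
    if command -v logger >/dev/null 2>&1; then
        logger -t pcap-date-check "$1" 2>/dev/null || :
    fi
    return 0
}

# Print the pcap file a process currently has open, found by resolving the symlinks in
# its fd directory ($1, normally /proc/<pid>/fd). Returns 1 when no dailylogs/ file is open.
find_open_pcap() {
    fd_dir=$1
    for fd in "$fd_dir"/*; do
        [ -L "$fd" ] || continue
        target=$(readlink -- "$fd") || continue
        case $target in
            */dailylogs/*) printf '%s\n' "$target"; return 0 ;;
        esac
    done
    return 1
}

# True (exit 0) when the YYYY-MM-DD directory in pcap path $1 differs from today's date $2.
# A path with no recognizable date directory yields false: never restart on what cannot be parsed.
pcap_date_mismatch() {
    dir_date=$(printf '%s\n' "$1" | sed -n 's#.*/dailylogs/\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)/.*#\1#p')
    [ -n "$dir_date" ] && [ "$dir_date" != "$2" ]
}

# The three conditions from the proposal, in order; restart once and record it.
main() {
    grep -qs "$ENABLED_PATTERN" $CONF_GLOB || return 0          # 1. enabled? (glob intentionally unquoted)
    pids=$(pgrep -x netsniff-ng) || return 0                    # 2. running?
    today=$(date +%Y-%m-%d)
    for pid in $pids; do
        pcap=$(find_open_pcap "/proc/$pid/fd") || continue      # not writing yet: nothing to compare
        if pcap_date_mismatch "$pcap" "$today"; then            # 3. writing to a stale date directory?
            log_action "pid $pid writing $pcap but today is $today; restarting pcap"
            $RESTART_CMD >/dev/null 2>&1 || log_action "restart failed (exit $?)"
            return 0
        fi
    done
}

# Cron entry (ASSUMED path): * * * * * root /usr/local/sbin/pcap-date-check run
# The check only runs when asked, so the functions can be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Two caveats for anyone deploying something like this: a sensor that already restarts pcap at midnight to roll the directory will briefly show a one-day mismatch before that rollover fires, so give the minute job a short grace period after midnight or order the two cron entries so they do not fight; and because the script decides based on the file netsniff-ng actually has open rather than on directory names on disk, it also covers the case where the process was restarted by hand and is writing somewhere unexpected.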