Help

Having problems? Try the suggestions below.

• Have you run soup to ensure that you’re on the latest version?
• Check the FAQ.
• Search the Community Support forum.
• Search the documentation and support forums of the tools contained within Security Onion: Tools
• Check log files in /opt/so/log/ or other locations for any errors or possible clues:
  • Setup /root/sosetup.log
  • Suricata /opt/so/log/suricata/suricata.log
  • Zeek /nsm/zeek/logs/current/
  • Elasticsearch /opt/so/log/elasticsearch/<hostname>.log
  • Kibana /opt/so/log/kibana/kibana.log
  • Logstash /opt/so/log/logstash/logstash.log
  • Elastalert /opt/so/log/elastalert/elastalert_stderr.log
• Are you able to duplicate the problem on a fresh Security Onion installation?
• Check the Known Issues to see if this is a known issue that we are working on.
• If all else fails, please feel free to reach out for Support.

• FAQ
  • Install / Update / Upgrade
  • Users / Passwords
  • Support / Help
  • IDS engines
  • Security Onion internals
  • Tuning
  • Miscellaneous
• Directory Structure
  • /opt/so/conf
  • /opt/so/log
  • /opt/so/rules
  • /opt/so/saltstack/local
  • /nsm
  • /nsm/zeek
  • /nsm/elasticsearch
  • /nsm/pcap
  • /nsm/wazuh
• Tools
• Support
  • Paid Support
  • Community Support
• Community Support
  • Check Documentation First
  • Forum Guidelines
  • Forum
• Help Wanted
  • Marketing Team
  • Support Team
  • Documentation Team
  • Core Development
  • Thanks