Having problems? Try the suggestions below.

  • Have you run soup to ensure that you’re on the latest version?

  • Check the FAQ.

  • Search the Community Support forum.

  • Search the documentation and support forums of the tools contained within Security Onion: Tools

  • Check log files in /opt/so/log/ or other locations for any errors or possible clues:

    • Setup /root/sosetup.log

    • Suricata /opt/so/log/suricata/suricata.log

    • Zeek /nsm/zeek/logs/current/

    • Elasticsearch /opt/so/log/elasticsearch/<hostname>.log

    • Kibana /opt/so/log/kibana/kibana.log

    • Logstash /opt/so/log/logstash/logstash.log

    • Elastalert /opt/so/log/elastalert/elastalert_stderr.log

  • Are you able to duplicate the problem on a fresh Security Onion installation?

  • Check the Known Issues to see if this is a known issue that we are working on.

  • If all else fails, please feel free to reach out for Support.