diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file
index a2e08b799..ed80a4e5b 100644
--- a/salt/elasticsearch/files/ingest/strelka.file
+++ b/salt/elasticsearch/files/ingest/strelka.file
@@ -6,6 +6,7 @@
 { "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } },
 { "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } },
 { "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } },
+ { "grok": { "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"] } },
 { "remove": { "field": ["host", "path"], "ignore_missing": true } },
 { "pipeline": { "name": "common" } }
 ]
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 176365756..dede0060e 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -8,7 +8,7 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
 {%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 {%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %}
-{%- set STRELKAENABLED = salt['pillar.get']('static:strelka', '0') %}
+{%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
diff --git a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
index 5bf2512d5..afa8d290a 100644
--- a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
@@ -8,7 +8,7 @@ output {
 key => 'logstash:unparsed'
 congestion_interval => 1
 congestion_threshold => 50000000
- batch ==> True
+ batch => true
 batch_events => {{ BATCH }}
 }
 }
diff --git a/setup/so-functions b/setup/so-functions
index c52abbb97..48e36f3d1 100755
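Review bot: The new grok processor carries neither `ignore_missing` nor `ignore_failure`, so a Strelka event whose `request.attributes.filename` is absent, or whose filename has no `-word-` segment, fails the whole pipeline and the document is dropped, whereas every neighbouring rename processor tolerates a missing field with `"ignore_missing": true`. Unless rejecting such events is intended, make the processor tolerant in the same style, `{ "grok": { "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"], "ignore_missing": true, "ignore_failure": true } },`. The pattern is also unanchored, so it appears to take the first `-…-` run in the filename as the fuid; the expected filename layout that makes this safe is not stated anywhere in the hunk and deserves a line in the commit message or a sibling README, since the pipeline file is JSON and cannot hold a comment.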
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -617,7 +617,12 @@ detect_os() {
 systemctl start NetworkManager; } >> "$setup_log" 2<&1
 fi
- yum -y install yum-plugin-versionlock bc >> "$setup_log" 2>&1
+ if ! command -v bc > /dev/null 2>&1; then
+ yum -y install bc >> "$setup_log" 2>&1
+ fi
+ if ! yum versionlock > /dev/null 2>&1; then
+ yum -y install yum-plugin-versionlock >> "$setup_log" 2>&1
+ fi
 elif [ -f /etc/os-release ]; then
diff --git a/setup/so-setup b/setup/so-setup
index 22b47edfb..eca5dbf23 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -51,21 +51,22 @@ echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1
 automated=no
 function progress() {
+ local title='Security Onion Install'
 if grep -q "ERROR" $setup_log || [[ -s /var/spool/mail/root ]]; then
 if [[ -s /var/spool/mail/root ]]; then
 echo '[ ERROR ] /var/spool/mail/root grew unexpectedly' >> $setup_log 2>&1
 fi
- if [[ $automated == no ]]; then whiptail_setup_failed; else exit 1; fi
-
- if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit 1; fi
- else
- if [ $automated == no ]; then
- whiptail --title "Security Onion Install" --gauge 'Please wait while installing' 6 60 0
- else
- cat >> $setup_log 2>&1
- fi
+ export SO_ERROR=1
+ export SKIP_REBOOT=1
+ title="Error found, please check $setup_log"
 fi
+
+ if [ $automated == no ]; then
+ whiptail --title "$title" --gauge 'Please wait while installing...' 6 60 0 # append to text
+ else
+ cat >> $setup_log 2>&1
+ fi
 }
 if [[ -f automation/$automation && $(basename $automation) == $automation ]]; then
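Review bot: `yum versionlock` is used as a presence probe for the plugin, but its exit status is not specific to "plugin not installed" — it can presumably be non-zero for other yum failures as well, in which case the install is retried needlessly, and it is heavier than a package query. A package-level check is cheaper and says exactly what is being tested: `if ! rpm -q yum-plugin-versionlock > /dev/null 2>&1; then`. Neither `yum -y install` has its exit status checked, so a failed install is only visible inside "$setup_log"; the single combined call before the change had the same gap, but now there are two places to miss. `detect_os` starts and ends outside the hunk.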
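Review bot: `export SO_ERROR=1` and `export SKIP_REBOOT=1` are set inside `progress`, which runs as the reading end of the `{ … } | progress` pipeline visible at the start of hunk `@@ -614,21 +615,17 @@`; in bash each pipeline element runs in a subshell unless `shopt -s lastpipe` is in effect, which is not visible here, so the parent script will never see either variable. The consequence is that the final `if [[ -z $SKIP_REBOOT ]]; then shutdown -r now` in that later hunk still reboots after an error, contradicting the new so-whiptail text "Press Ok to exit". Since `progress` already detects the error with `grep -q "ERROR" $setup_log`, the parent can repeat that test after the pipeline instead of relying on an exported variable, e.g. `if [[ $success != 0 ]] || grep -q "ERROR" $setup_log; then`. The trailing `# append to text` comment on the whiptail line does not say what is appended; `# stdin is the install output: shown as a gauge interactively, otherwise appended to $setup_log` would explain both branches. `progress` is complete within the hunk.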
@@ -614,21 +615,17 @@ fi
 } | progress
 success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
-if [[ "$success" = 0 ]]; then
+
+if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
+ IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1
+fi
+
+if [[ $success != 0 || -z $SO_ERROR ]]; then
 whiptail_setup_failed
+else
 whiptail_setup_complete
-
- if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
- export IP=$ALLOW_CIDR
- so-allow -$ALLOW_ROLE >> $setup_log 2>&1
- fi
-
- if [[ $THEHIVE == 1 ]]; then
- check_hive_init
- fi
-else
- whiptail_setup_failed
+ if [[ $THEHIVE == 1 ]]; then check_hive_init; fi
 fi
-if [[ -z $SKIP_REBOOT ]]; then
- shutdown -r now
-fi
+install_cleanup >> $setup_log 2>&1
+
+if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 8c84d5345..e165ba351 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1036,17 +1036,13 @@ whiptail_setup_complete() {
 [ -n "$TESTING" ] && return
 whiptail --title "Security Onion Setup" --msgbox "Finished $install_type install. Press Ok to reboot." 8 75
- install_cleanup >> $setup_log 2>&1
-
 }
 whiptail_setup_failed() {
 [ -n "$TESTING" ] && return
- whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Ok to reboot." 8 75
- install_cleanup >> $setup_log 2>&1
-
+ whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Ok to exit." 8 75
 }
 whiptail_shard_count() {
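Review bot: The test `if [[ $success != 0 || -z $SO_ERROR ]]; then whiptail_setup_failed` is inverted: `-z $SO_ERROR` is true when no error was flagged, so a clean install (SO_ERROR unset) takes the failure branch and `whiptail_setup_complete` is reached only when an error *was* recorded; the intended condition is `if [[ $success != 0 || -n $SO_ERROR ]]; then`. The `so-allow` call has also moved from the success branch to before the check, so it now runs even when the install failed — if that is deliberate, a one-line comment such as `# firewall rule is applied regardless of install outcome so the host stays reachable` would stop the next reader from "fixing" it back. The `{ … } | progress` pipeline that this hunk closes begins outside the hunk.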