Mike Reeves
5228668be0
Fix Telegraf→Postgres table creation and state.apply race
- Telegraf's partman template passed p_type:='native', which pg_partman
5.x (the version shipped by postgresql-17-partman on Debian) rejects.
Switched to 'range' so partman.create_parent() actually creates
partitions and Telegraf's INSERTs succeed.
- Added a postgres_wait_ready gate in telegraf_users.sls so psql execs
don't race the init-time restart that docker-entrypoint.sh performs.
- so-verify now ignores the literal "-v ON_ERROR_STOP=1" token in the
setup log. Dropped the matching entry from so-log-check, which scans
container stdout where that token never appears.
2026-04-17 13:00:12 -04:00
Mike Reeves
c124186989
so-log-check: exclude psql ON_ERROR_STOP flag
The psql invocation flag '-v ON_ERROR_STOP=1' used by the so-postgres
init script gets flagged by so-log-check because the token 'ERROR'
matches its error regex. Add to the exclusion list.
2026-04-15 19:45:42 -04:00
Jason Ertel
83bd8a025c
ignore redis restart warning in logstash log
2026-03-18 10:59:20 -04:00
Jason Ertel
71839bc87f
remove steno
2026-03-06 15:45:36 -05:00
Josh Patterson
78ae6cd84c
upgrade docker
2026-02-20 12:29:23 -05:00
reyesj2
6b1939b827
exclude known issues with 3 integrations
2026-01-27 12:59:17 -06:00
reyesj2
55b3fa389e
no dates
2026-01-23 16:33:22 -06:00
reyesj2
b3ae716929
ignore kratos file mapping error
2026-01-23 16:31:30 -06:00
reyesj2
d430ed6727
false positive
2026-01-15 15:25:28 -06:00
reyesj2
349d77ffdf
exclude kafka restart error
2026-01-15 14:43:57 -06:00
Jason Ertel
2d705e7caa
exempt kratos online check
2026-01-06 09:47:35 -05:00
reyesj2
8a8ea04088
ignore error for elastic-fleet agent
2025-10-08 14:01:18 -05:00
reyesj2
d03dd7ac2d
check for oom kill only in the last 24 hours
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-19 11:32:13 -05:00
reyesj2
c9db52433f
add oom check to so-log-check
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-09-19 11:08:42 -05:00
reyesj2
415f456661
ignore composable templates with error in the name
2025-07-12 08:30:04 -05:00
Jason Ertel
bf8da60605
exclude component updates indexes with error in the name
2025-07-10 07:47:53 -04:00
Jason Ertel
5ecb483596
excluded harmless log error; suppress so-user grep output
2025-04-29 09:35:36 -04:00
Jason Ertel
a0637fa25d
ignore false positives
2025-03-21 14:54:52 -04:00
Jason Ertel
772aa7379f
more false positives
2025-02-27 07:55:22 -05:00
Jason Ertel
66a2ec7e21
ES upgrade errors to ignore
2025-02-21 08:38:40 -05:00
Jason Ertel
bf19c6e730
ca download; ignore shard errors on startup; clarify oidc id
2025-02-05 15:04:04 -05:00
reyesj2
9532f21c7b
check zeek reporter.log
2024-12-05 13:49:44 -06:00
Jason Ertel
918f26962a
ignore fp from hydra
2024-11-17 12:21:06 -05:00
DefensiveDepth
89a1e2500e
Exclude logstash startup errors
2024-08-28 16:50:11 -04:00
Jason Ertel
f19a35ff06
move custom alerters to subgroup; avoid false positives on log check
2024-08-28 09:32:25 -04:00
Jason Ertel
eabb894580
exclude all logstash errors related to license manager init log line
2024-08-22 17:52:37 -04:00
weslambert
205bbd9c61
Use more specific match
2024-08-16 14:31:11 -04:00
weslambert
224bc6b429
Ignore old SOC logs before licenseStatus
2024-08-16 14:15:10 -04:00
DefensiveDepth
b860bf753a
Add influxdb known error
2024-08-15 11:50:34 -04:00
reyesj2
ff29d9ca51
Update log-check to ignore kafka data directories
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-11 10:23:51 -04:00
Jason Ertel
8ce19a93b9
exclude false positives related to detections
2024-05-21 13:29:20 -04:00
Jason Ertel
4771810361
exclude detect-parse errors
2024-05-15 19:10:50 -04:00
Jason Ertel
19e1aaa1a6
exclude detection rule errors
2024-05-09 15:45:33 -04:00
DefensiveDepth
58ddd55123
Exclude yara runtime log
2024-04-23 07:28:07 -04:00
Mike Reeves
21f86be8ee
Update so-log-check
2024-04-05 08:03:42 -04:00
DefensiveDepth
1d221a574b
Exclude Elastalert EQL errors
2024-04-04 06:48:25 -04:00
Jason Ertel
216b8c01bf
disregard errors in removed applications that occurred before the upgrade
2024-03-28 09:31:39 -04:00
DefensiveDepth
d7ecad4333
Initial cut to remove Playbook and deps
2024-03-25 19:42:31 -04:00
Jason Ertel
f889a089bf
disregard benign telegraf error
2024-03-22 09:48:27 -04:00
Jason Ertel
47eea80d03
exempt transient license check errors
2024-01-10 09:07:17 -05:00
Jason Ertel
3456de3a30
exclude transient influxdb error
2023-12-22 07:16:45 -05:00
weslambert
244968ce23
Remove unnecessary blank lines
2023-12-20 17:30:15 -05:00
weslambert
65f89b22b2
Ignore Curator logs
2023-12-20 17:28:55 -05:00
Jason Ertel
ca21e32d83
log false positives
2023-12-19 10:47:39 -05:00
Jason Ertel
25c39540c8
fix import stats
2023-12-11 14:48:46 -05:00
Jason Ertel
f7fa4d05fb
avoid startup error
2023-11-14 15:40:52 -05:00
Jason Ertel
7a0b21647f
disregard false positives
2023-11-04 10:05:37 -04:00
Jason Ertel
1a3d4a2051
ignore malformed open canary log lines
2023-11-03 09:14:26 -04:00
Jason Ertel
96fdfb3829
ignore connectivity problems to docker containers during startup
2023-11-02 16:46:41 -04:00
Jason Ertel
32701b5941
more log bypass
2023-11-02 12:50:12 -04:00