weslambert / securityonion-velociraptor

Run Velociraptor on Security Onion

The install script breaks so-soc on SO v2.3.50 and 2.3.60

microidz opened this issue · comments

When running install_velociraptor on Security Onion ver. 2.3.50 and 2.3.60, the SO web interface is not available anymore and so-soc is marked as missing when running so-status.

Thanks, I'll take a look -- I've been meaning to make some updates.

Please try now and let me know if you still run into issues.

Still having issues. I tried the new script twice and I got the same result. Here's what I'm getting during the install:

[Snip...]

so-manager-2350_managersearch:
so-sensor-2350_sensor:
Minion did not return. [No response]
The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

salt-run jobs.lookup_jid 20210707154709847505

ERROR: Minions returned with non-zero exit code
./install_velociraptor: line 81: so-velociraptor-start: command not found
Waiting...
cp: cannot create regular file ‘/opt/so/conf/velociraptor/config/’: Not a directory
chmod: cannot access ‘/opt/so/conf/velociraptor/config/server_monitoring.json.db’: No such file or directory
mv: cannot stat ‘/opt/so/conf/velociraptor/server.config.yaml’: No such file or directory
./install_velociraptor: line 96: /opt/so/conf/velociraptor/velociraptor: No such file or directory

[/Snip...]

When doing so-status, all the Docker containers are ok but there's no velociraptor Docker container.

The SOC web interface answers correctly, but https://$yourhost/velociraptor returns a 404 page not found error.

After rebooting, the SOC web interface doesn't respond anymore, as the only Docker containers with an ok status are so-aptcacherng and so-dockerregistry. All the other ones hang at wait_start forever, and there's still no velociraptor Docker container.

The same happens in 2.3.61.
After installing a fresh ISO, I installed so-velociraptor. But after installing it, it seems that something related to JavaScript breaks the interface. In fact, I get no version number in the bottom-left text.
Any idea?

Has anyone tried this with the latest push to the repo for SO 2.3.61?

Just as a side comment, this would be awesome if this got officially supported in the core Security Onion distribution.

Hi!
Yes I did, and I had to edit nginx.conf to make it work.
Let me know if you need some help

What changes did you make in the nginx.conf?

Hi @Xboarder56,

The latest config in the repo should work -- have you tried it and are saying it's still not working as intended?

@weslambert was more making sure it was patched for the latest SO build. I just deployed it and all is good.

Thanks again for your work on this it's really great.

As Wes says, check the latest repo. Also, you can check the soar nginx.conf file, and it will be the same.

No problem, @Xboarder56 👍 . I'm going to recommend that everyone ensure they are upgraded to the latest, and close this issue for now.