Recently I decided I needed to spend more time on Linux. I am using a Dell Latitude 7480 with 16GB RAM and a 500GB SSD. I installed Linux then I tried to install the latest version of VMware player 16.0.2.
The installation would say it was “successful”, but there would be a bunch of errors.
When I started VMware Player, it behaved as expected—prompting for licence agreements etc.
I created a virtual machine and tried to start it. I then received the following error. “Could not open /dev/-vmmon: No such file or directory. Please make sure that the kernel module ‘vmmon’ is loaded.”
This error would make me curse for hours! I followed various guides telling me to install different packages, gcc, essentials, etc. Then, I saw posts telling me I was using the wrong Linux. Initially, I had installed Ubuntu 21.04. Instead I tried Ubuntu 20.04 LTS, with similar results. It appeared something was wrong with VMware and the Kernal.
After much testing without success, I managed to get lucky. I was in the laptop UEFI/BIOS settings and thought to change “Secure Boot -> Secure Boot Enable” and set it to “Disabled” I was grasping at straws. However, after rebooting, I could now start virtual machines without error! VMware Player is currently working for me. I hope other people who experience this error find this blog post before burning too much time.
I was setting up a Security Onion server and wanted to use Beats to send the Windows event logs to it. I was having some real difficulty with it. I had configured Security Onion and I had allowed connections to port 5044 using so-allow for all of the 192.168.1.0/16 network. I thought I had configured Beats correctly in winlogbeat.yml. From the clients I could send syslog fine. But beats would give me the error.
2019-07-29T08:57:05.545+0930 INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(http://192.168.1.100:5044)) with 64 reconnect attempt(s)
2019-07-29T08:57:05.549+0930 INFO [publish] pipeline/retry.go:189 retryer: send unwait-signal to consumer
2019-07-29T08:57:05.550+0930 INFO [publish] pipeline/retry.go:191 done
2019-07-29T08:57:05.551+0930 INFO [publish] pipeline/retry.go:166 retryer: send wait signal to consumer
2019-07-29T08:57:05.552+0930 INFO [publish] pipeline/retry.go:168 done
I could not telnet to 192.168.1.100:5044, I would get a connection refused. Running netstat -nao showed that my server was listening on port 5044. I was scratching my head. After much googling without luck I stumbled upon this link
The important comment which got me working was “I didn’t remove the one ‘#’ from output.logstash” it was then that I realised that my winlogbeat.yml had a problem. By default it was sending its to output.elasticsearch to the correct host and port but the wrong connection. Commenting out output.elasticsearch and un-commenting output.logstash and restarting the service and my pesky errors went away and I started to get data in elastic.
Now its time to figure out how to filter the data before it leaves the windows hosts to reduce the stress on the server system.