TLSRPT reports not showing in Kibana dashboard #588

Open
absnetno opened this issue Jan 22, 2025 · 2 comments

@absnetno

Hi,

My setup is:

  • unRAID with Docker Compose plugin
  • patschi/parsedmarc-dockerized stack
  • Elasticsearch/Kibana upgraded to version 8.17.0
  • The webUI is running behind Nginx Proxy Manager and is restricted to my local network

I recently found out that MTA-STS is a thing and that there are reports available for such mechanisms. After implementing the policy I started looking for a way to visualise the reports and tried Visenti Reports, which worked but didn't really give me what I wanted - which was a display similar to the DMARC reports available in parsedmarc-dockerized.

I came across a discussion regarding parsing and presenting TLSRPT reports in a separate dashboard in Kibana, and I also found that support for TLSRPT reports has been implemented.

Patschi's stack was originally running ElasticStack and Kibana 7.something, but I ran into problems with displaying the DMARC reports and found that the solution was to upgrade ES+Kibana to 8.12.2 (which at the time was the latest available version).

In trying to make this work with TLSRPT, I even updated Elasticsearch and Kibana to version 8.17.0 to see if a newer version of them would help, but alas, they did not. Downgrading to 8.12.2 again broke the stack, and I have all the reports stored, so if I have to blow everything away, I can reprocess everything.

It looks like the reports are processed properly in parsedmarc, but the TLSRPT reports do not show in the dashboard. DMARC reports are shown and look good. The TLSRPT dashboard only shows "No results found" and there are red X'es for three of the charts:

Image

The report emails are delivered to a dedicated account on my own mailserver running mailcow and are retrieved just fine via IMAPS. Prior to moving the stack to run directly on unRAID, I had everything set up in a VM. Everything worked perfectly using either solution until I discovered TLSRPT and tried getting this to work. The DMARC reports are processed properly and still work.

I have no idea how either ES or Kibana works, but I'm happy to provide logs if I'm told what to provide.

@csjoh

csjoh commented Feb 12, 2025

I didn't realize I was posting from my work account, but here's a follow-up after I messed around trying to change the colours of the pie charts back to green/red.

In the TLSRPT dashboard, there are the small X'es which I later realized I could click on to get more information about what's wrong:

Reporting organizations:

Image

Policy Types:

Image

Policy Types Per Domain:

Image

To me, it looks like the backend (database, whatever it's called) doesn't have the necessary structure to deal with the data being imported. I've been trying to find logs from Kibana/ES that could shed some more light on the problem, but I haven't been able to.

When the containers start, a dashboard file is downloaded and imported if different from the one currently in use. Is there another version that would allow displaying the TLSRPTs as well that I need to import?

@Kornelius777

Same problem here...
