List:       security-onion
Subject:    [security-onion] Re: Error Contacting Log Server(s) Message when loading ELSA web interface
From:       Rob Marmo <supraclk06 () gmail ! com>
Date:       2014-02-25 17:21:22
Message-ID: 87ac187b-bce6-43db-8b79-4f5ce1654577 () googlegroups ! com

Jesse,

How did you go about replacing these files?  Did you just uninstall/reinstall or manually grab them off another SO distribution?  Just curious,

Thanks,

On Monday, February 24, 2014 1:44:38 PM UTC-5, Jesse E. wrote:
> For others who might encounter this: replacing /etc/elsa_node.conf and /etc/elsa_web.conf with the latest default versions resolved this issue for me.
>
> On Thursday, January 9, 2014 5:19:16 PM UTC-8, Jesse E. wrote:
> > I'm seeing a very similar (if not exactly the same) issue as reported in this thread:
> >
> > https://groups.google.com/forum/#!topic/enterprise-log-search-and-archive/glEv1lyplM8
> >
> > I too receive the error: "Error Contacting Log Server(s) Message" when I try to load the ELSA web interface.
> >
> > Martin—I found a list of commands you had someone run on this thread:
> >
> > https://groups.google.com/forum/#!msg/security-onion/defgI79K__o/lq12DW7lBRcJ
> >
> > So I ran them and dumped them in a Dropbox share. Here it is:
> >
> > https://www.dropbox.com/sh/e25f2qex396aaxc/FHxVB7LlNd
> >
> > When I started troubleshooting, I noticed that some of the ports for sphinx were incorrect in my conf files, so I fixed that and did service sphinxsearch restart. That didn't fix it, so I did service nsm restart. Still no go, although everything reports as OK. I also rebooted the entire box. That didn't help either.
> >
> > One thing I'll mention is that if I tail -f the elsa web.log file while I try to load the page, I can see that the error starts at the line:
> >
> > * DEBUG [2014/01/10 00:37:41] /opt/elsa/web/lib/Web.pm (108) Web::_extract_method 8179 [undef]
> >
> > and ends at:
> >
> > * ERROR [2014/01/10 00:37:41] /opt/elsa/web/lib/Web.pm (226) Web::_get_headers 8179 [undef]
> > Unable to get form params: $VAR1 = undef;
> >
> > FWIW, I also verified that everything seems to be running on the correct ports now:
> >
> > root@snort:~# netstat -lnptu | grep 3306
> > tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1707/mysqld
> > root@snort:~# netstat -lnptu | grep 9306
> > tcp        0      0 0.0.0.0:9306            0.0.0.0:*               LISTEN      26316/searchd
> > root@snort:~# netstat -lnptu | grep 9312
> > tcp        0      0 0.0.0.0:9312            0.0.0.0:*               LISTEN      26316/searchd
> > root@snort:~# netstat -lnptu | grep 3154
> > tcp6       0      0 :::3154                 :::*                    LISTEN      2172/apache2
> >
> > Just in case it's important, here's syslog-ng as well:
> >
> > root@snort:~# netstat -lnptu | grep syslog
> > tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      1712/syslog-ng
> > udp        0      0 0.0.0.0:514             0.0.0.0:*                           1712/syslog-ng
> > root@snort:~# ps aux | grep syslog-ng
> > root      1711  0.0  0.0  26784   436 ?        S    00:30   0:00 supervising syslog-ng
> > root      1712  2.7  0.0  87096 16532 ?        Ss   00:30   1:07 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
> > root      9192  0.0  0.0   9392   940 pts/3    S+   01:11   0:00 grep --color=auto syslog-ng
> >
> > I've spent quite a few hours troubleshooting this now, so any help is greatly appreciated!
> >
> > Best,
> >
> > Jesse
