List: security-onion
Subject: [security-onion] Re: Error Contacting Log Server(s) Message when loading ELSA web interface
From: Rob Marmo <supraclk06 () gmail ! com>
Date: 2014-02-25 17:21:22
Message-ID: 87ac187b-bce6-43db-8b79-4f5ce1654577 () googlegroups ! com
Jesse,
How did you go about replacing these files? Did you just uninstall/reinstall or manually grab them off another SO distribution? Just curious,
Thanks,
On Monday, February 24, 2014 1:44:38 PM UTC-5, Jesse E. wrote:
> For others who might encounter this: replacing /etc/elsa_node.conf and /etc/elsa_web.conf with the latest default versions resolved this issue for me.
>
> On Thursday, January 9, 2014 5:19:16 PM UTC-8, Jesse E. wrote:
>
> > I'm seeing a very similar (if not exactly the same) issue as reported in this thread:
> >
> > https://groups.google.com/forum/#!topic/enterprise-log-search-and-archive/glEv1lyplM8
> >
> > I too receive the error: "Error Contacting Log Server(s) Message" when I try to load the ELSA web interface.
> >
> > Martin—I found a list of commands you had someone run on this thread:
> >
> > https://groups.google.com/forum/#!msg/security-onion/defgI79K__o/lq12DW7lBRcJ
> >
> > So I ran them and dumped them in a Dropbox share. Here it is:
> >
> > https://www.dropbox.com/sh/e25f2qex396aaxc/FHxVB7LlNd
> >
> > When I started troubleshooting, I noticed that some of the ports for sphinx were incorrect in my conf files, so I fixed that and did service sphinxsearch restart. That didn't fix it, so I did service nsm restart. Still no go, although everything reports as OK. I also rebooted the entire box. That didn't help either.
> >
> > One thing I'll mention is that if I tail -f the elsa web.log file while I try to load the page, I can see that the error starts at the line:
> >
> > * DEBUG [2014/01/10 00:37:41] /opt/elsa/web/lib/Web.pm (108) Web::_extract_method 8179 [undef]
> >
> > and ends at:
> >
> > * ERROR [2014/01/10 00:37:41] /opt/elsa/web/lib/Web.pm (226) Web::_get_headers 8179 [undef]
> > Unable to get form params: $VAR1 = undef;
> >
> > FWIW, I also verified that everything seems to be running on the correct ports now:
> >
> > root@snort:~# netstat -lnptu | grep 3306
> > tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1707/mysqld
> > root@snort:~# netstat -lnptu | grep 9306
> > tcp 0 0 0.0.0.0:9306 0.0.0.0:* LISTEN 26316/searchd
> > root@snort:~# netstat -lnptu | grep 9312
> > tcp 0 0 0.0.0.0:9312 0.0.0.0:* LISTEN 26316/searchd
> > root@snort:~# netstat -lnptu | grep 3154
> > tcp6 0 0 :::3154 :::* LISTEN 2172/apache2
> >
> > Just in case it's important, here's syslog-ng as well:
> >
> > root@snort:~# netstat -lnptu | grep syslog
> > tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 1712/syslog-ng
> > udp 0 0 0.0.0.0:514 0.0.0.0:* 1712/syslog-ng
> > root@snort:~# ps aux | grep syslog-ng
> > root 1711 0.0 0.0 26784 436 ? S 00:30 0:00 supervising syslog-ng
> > root 1712 2.7 0.0 87096 16532 ? Ss 00:30 1:07 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
> > root 9192 0.0 0.0 9392 940 pts/3 S+ 01:11 0:00 grep --color=auto syslog-ng
> >
> > I've spent quite a few hours troubleshooting this now, so any help is greatly appreciated!
> >
> > Best,
> >
> > Jesse