Graylog2 / graylog-plugin-threatintel

Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases

v0.9.0 not comp with Graylog 2.1.3 and 2.2 #23

Closed jalogisch closed 7 years ago

jalogisch commented 7 years ago

After the Bugfix Release of Graylog 2.1.3 the Plugin in Version 0.9.0 breaks the setup.

As I have a frontend NGINX I notice the following 401 line:

1.1.1.82 - 3c8e2671-df60-463c-843a-bf1762c54677 [27/Jan/2017:11:15:21 +0100] "POST /api/cluster/metrics/multiple HTTP/2.0" 200 1484 "https://x.jalogis.ch/search" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12"
1.1.1.82 - - [27/Jan/2017:11:15:22 +0100] "GET /api/system/cluster/node HTTP/2.0" 401 170 "https://x.jalogis.ch/search" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12"
1.1.1.82 - 3c8e2671-df60-463c-843a-bf1762c54677 [27/Jan/2017:11:15:23 +0100] "GET /api/system/cluster/nodes HTTP/2.0" 200 1191 "https://x.jalogis.ch/search" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12"

The Request to /api/system/cluster/node is made without authentication if the Plugin is active and this forces a full reload.

After removing the Plugin everything is working without any issues.
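
An added triage example (not from this issue thread or the Graylog project): it parses nginx combined-format access lines like the excerpt above and lists 401 responses that carry no remote user but come from a client that also sent authenticated requests. The sample lines are constructed, and correlating requests by client IP is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in nginx "combined" format, modelled on the excerpt above
# (addresses, session id, host name and user agent are placeholders).
SAMPLE = """\
192.0.2.82 - 11111111-2222-3333-4444-555555555555 [27/Jan/2017:11:15:21 +0100] "POST /api/cluster/metrics/multiple HTTP/2.0" 200 1484 "https://graylog.example/search" "UA"
192.0.2.82 - - [27/Jan/2017:11:15:22 +0100] "GET /api/system/cluster/node HTTP/2.0" 401 170 "https://graylog.example/search" "UA"
192.0.2.82 - 11111111-2222-3333-4444-555555555555 [27/Jan/2017:11:15:23 +0100] "GET /api/system/cluster/nodes HTTP/2.0" 200 1191 "https://graylog.example/search" "UA"
192.0.2.99 - - [27/Jan/2017:11:16:00 +0100] "GET /api/system/sessions HTTP/2.0" 401 170 "-" "UA"
"""

# ip, ident, remote user, [timestamp], "METHOD path protocol", status, bytes
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(text):
    """Yield one dict per parseable access-log line; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groupdict()

def unauthenticated_within_session(text):
    """Return 401 requests sent without a remote user by clients that also
    sent authenticated requests (a logged-in UI issuing a call without credentials)."""
    entries = list(parse(text))
    authed = defaultdict(set)
    for e in entries:
        if e["user"] != "-":
            authed[e["ip"]].add(e["user"])
    return [
        (e["ts"], e["ip"], e["method"], e["path"])
        for e in entries
        if e["status"] == "401" and e["user"] == "-" and authed[e["ip"]]
    ]

if __name__ == "__main__":
    for hit in unauthenticated_within_session(SAMPLE):
        print(*hit)
```

The lone 401 from the second client is not reported, because that client never presented credentials and so does not match the symptom described here.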

Dr-Crow commented 7 years ago

I had the same issue. Once the plugin was removed, Graylog started to work fine. If you ignore the request to the node, Graylog just randomly reloads the page.

lennartkoopmann commented 7 years ago

Thanks. Working on this now.

joschi commented 7 years ago

The Threat Intelligence plugin 0.9.1 is compatible with Graylog 2.1.3: https://github.com/Graylog2/graylog-plugin-threatintel/releases/tag/0.9.1

Dr-Crow commented 7 years ago

Going to give it a test! I'll report back soon.

Dr-Crow commented 7 years ago

I added the plugin to my plugins folder and reloaded Graylog. Upon reboot everything seemed fine, but when I go to Configurations the whole page breaks.

joschi commented 7 years ago

@Dr-Crow Second time's a charm, hopefully: https://github.com/Graylog2/graylog-plugin-threatintel/releases/tag/0.9.2

Dr-Crow commented 7 years ago

@joschi hahahahha, I'll give it a go!

lennartkoopmann commented 7 years ago

Thank you @joschi! 👍

joschi commented 7 years ago

And finally there's version 0.10.0 which works with Graylog 2.2.1: https://github.com/Graylog2/graylog-plugin-threatintel/releases/tag/0.10.0