Open kabutosan opened 1 year ago
Check the debug logs for your Elasticsearch
I'm running everything in a docker... and elastic is up and running with no errors... what should I look at?
Alienvault connector has the same behavior;
connector-alienvault_1 | {"timestamp": "2023-03-04T16:41:01.790074Z", "level": "INFO", "name": "pycti.entities", "message": "Listing Threat-Actors with filters null."}
connector-alienvault_1 | Traceback (most recent call last):
connector-alienvault_1 | File "/opt/opencti-connector-alienvault/main.py", line 7, in
Guys.. any help here is really appreciated! Thanks!!!
Changing your docker compose file for troubleshooting (when you are staging or troubleshooting OpenCTI I recommend these stay on until production):
What are the logs for the services saying?
I can see that you are using Docker Swarm, which can get complex networking-wise unless you have experience of managing basic Docker.
I allocated 16GB to Elasticsearch
ENV file:
OPENCTI_ADMIN_EMAIL=admin@mail.com
OPENCTI_ADMIN_PASSWORD=changeme
OPENCTI_ADMIN_TOKEN=f8d677a4-3b5c-4668-b694-191fc4fcc06b
OPENCTI_BASE_URL=http://localhost:8080
MINIO_ROOT_USER=361d71dc-e236-476c-a87a-5c345ed8621b
MINIO_ROOT_PASSWORD=2c16ec2b-6e6c-429e-bd01-51a2d069382c
RABBITMQ_DEFAULT_USER=5b8f2e1f-bac9-4989-b2c1-8a8710e5d09f
RABBITMQ_DEFAULT_PASS=aecf0acf-07e3-47b5-a2bf-5d112134a614
CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6
CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7
CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b
CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f
CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0
SMTP_HOSTNAME=localhost
ELASTIC_MEMORY_SIZE=16G
For the service, "opencti:" I see the OpenCTI API ready on 8080. No other errors.
Log attached here: opencti.log
I have the same error when using dockers
Me too
Hello,
This error is just telling you that the connector is not able to reach the OpenCTI API.
Are you able to access the UI? Are you sure tokens are matching?
Don't hesitate to join the Slack channel for further assistance.
Kind regards, Samuel
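The checks suggested in the reply above (can the connector reach the API, and is the token accepted), as an added example that is not part of the thread or of OpenCTI's own code. It assumes the connector reads `OPENCTI_URL` and `OPENCTI_TOKEN`, that the API is served at `<url>/graphql` with a Bearer token, and the query shown is illustrative.

```python
import json
import os
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Assumptions (not from the thread): API path /graphql, "Authorization: Bearer
# <token>" header, and an illustrative query that any authenticated user may run.
QUERY = json.dumps({"query": "{ about { version } }"}).encode()
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def diagnose(url, token, timeout=5):
    """Return (stage, detail) for the first check that fails, else ("ok", ...)."""
    parts = urlparse(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if not host:
        return "config", f"cannot parse a host from {url!r}"
    try:
        socket.getaddrinfo(host, port)          # name must resolve on this network
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve from this container: {exc}"
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as exc:
        hint = " (loopback is this container itself)" if host in LOOPBACK else ""
        return "tcp", f"cannot connect to {host}:{port}{hint}: {exc}"
    req = urllib.request.Request(
        url.rstrip("/") + "/graphql", data=QUERY,
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as exc:
        return "http", f"HTTP {exc.code} from the API; check the token"
    except (OSError, ValueError) as exc:
        return "http", f"request failed: {exc}"
    if isinstance(body, dict) and body.get("errors"):
        return "api", str(body["errors"][0].get("message", body["errors"][0]))
    return "ok", "API reachable and token accepted"

if __name__ == "__main__":
    # Run inside the failing container so it sees the same network and env.
    print(diagnose(os.environ.get("OPENCTI_URL", ""), os.environ.get("OPENCTI_TOKEN", "")))
```

The stage that comes back separates a network problem (`dns`, `tcp`) from a credential problem (`http`, `api`), which the single "API is not reachable" message in the logs does not.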
Was this ever resolved? I get the same issue. I have the AlienVault connector in the same docker-compose file as everything else, I can access the UI and the token is correctly set. It keeps going (using Portainer) from created, to running, to failed, and repeats. I can see it being assigned to the same network as everything else but it just fails due to the API connection error.
I am having the same issue as well.
I am having the same issue as well.
I see from logs that workers and connectors are returning always ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration. The platform is up and running but OpenCTI API is not reachable.
I tried to change to the latest - to align the versions and add the networks (now commented), but nothing. I also tried to connect Alienvault.... with the same result.
worker_1 | INFO:pycti.entities:Listing Threat-Actors with filters null.
worker_1 | Traceback (most recent call last):
worker_1 | File "/opt/opencti-worker/worker.py", line 522, in
worker_1 | worker = Worker()
worker_1 | File "", line 6, in init
worker_1 | File "/opt/opencti-worker/worker.py", line 430, in post_init
worker_1 | self.api = OpenCTIApiClient(
worker_1 | File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 197, in init__
worker_1 | raise ValueError(
worker_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...
worker_1 | INFO:pycti.entities:Listing Threat-Actors with filters null.
worker_1 | Traceback (most recent call last):
worker_1 | File "/opt/opencti-worker/worker.py", line 522, in
worker_1 | worker = Worker()
worker_1 | File "", line 6, in init
worker_1 | File "/opt/opencti-worker/worker.py", line 430, in __post_init
worker_1 | self.api = OpenCTIApiClient(
worker_1 | File "/usr/local/lib/python3.9/site-packages/pycti/api/opencti_api_client.py", line 197, in init
worker_1 | raise ValueError(
worker_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...
connector-import-file-stix_1 | Error: unable to import required numpy module.
connector-import-document_1 | {"timestamp": "2023-03-03T20:08:33.716687Z", "level": "INFO", "name": "pycti.entities", "message": "Listing Threat-Actors with filters null."}
opencti-docker_worker_1 exited with code 1
connector-import-document_1 | Traceback (most recent call last):
connector-import-document_1 | File "/opt/opencti-connector-import-document/main.py", line 7, in
connector-import-document_1 | connector = ReportImporter()
connector-import-document_1 | File "/opt/opencti-connector-import-document/reportimporter/core.py", line 39, in init
connector-import-document_1 | self.helper = OpenCTIConnectorHelper(config)
connector-import-document_1 | File "/usr/local/lib/python3.10/site-packages/pycti/connector/opencti_connector_helper.py", line 590, in init
connector-import-document_1 | self.api = OpenCTIApiClient(
connector-import-document_1 | File "/usr/local/lib/python3.10/site-packages/pycti/api/opencti_api_client.py", line 197, in init
connector-import-document_1 | raise ValueError(
connector-import-document_1 | ValueError: OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...
connector-import-document_1 | Terminated
Environment
version: '3'
services:
  redis:
    image: redis:7.0.8
    restart: always
    volumes:
Comment out the line below for single-node
Uncomment line below below for a cluster of multiple nodes
- cluster.name=docker-cluster
    command: server /data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    restart: always
  rabbitmq:
    image: rabbitmq:3.11-management
    environment:
    networks:
      - opencti-docker_default
networks:
  opencti-docker_default:
    external: true
volumes:
  esdata:
  s3data:
  redisdata:
  amqpdata:
Any insights?