OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Error when trying to install manually OPENCTI #1962

Open ghost opened 2 years ago

ghost commented 2 years ago

Description

I'm trying to install OpenCTI manually, and when I execute the "yarn serv" command, an error appears:

```
{"category":"APP","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2022-03-14T12:17:25.246Z","version":"5.2.1"}
{"category":"APP","error":{"_error":{},"_showLocations":false,"_showPath":false,"data":{"category":"technical","error":"connect ECONNREFUSED 127.0.0.1:9200","http_status":500,"reason":"ElasticSearch seems down"},"internalData":{},"name":"ConfigurationError","time_thrown":"2022-03-14T12:17:25.261Z"},"level":"error","message":"[OPENCTI] Platform initialization fail","timestamp":"2022-03-14T12:17:25.261Z","version":"5.2.1"}
ConfigurationError: A configuration error has occurred
    at Q0 (/home/tanium/opencti-tool/opencti/build/src/config/errors.js:8:10)
    at X0 (/home/tanium/opencti-tool/opencti/build/src/config/errors.js:47:53)
    at /home/tanium/opencti-tool/opencti/build/src/database/engine.js:159:15
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at h9t (/home/tanium/opencti-tool/opencti/build/src/database/engine.js:149:3)
    at jMe (/home/tanium/opencti-tool/opencti/build/src/initialization.js:119:3)
    at rhr (/home/tanium/opencti-tool/opencti/build/src/initialization.js:370:5)
    at hjn (/home/tanium/opencti-tool/opencti/build/src/boot.js:9:3)
```

I configured the tool, changing some configuration from production.json:

```json
{
  "app": {
    "port": 8080,
    "base_path": "",
    "base_url": "",
    "enabled": true,
    "https_cert": { "ca": [], "key": null, "crt": null, "reject_unauthorized": true, "cookie_secure": false },
    "app_logs": { "logs_level": "info", "logs_files": true, "logs_console": true, "logs_max_files": 7, "logs_directory": "./logs" },
    "audit_logs": { "logs_files": true, "logs_console": true, "logs_max_files": 7, "logs_directory": "./logs" },
    "telemetry": { "prometheus": { "enabled": false, "metrics_path": "/prometheus/metrics" } },
    "request_timeout": 1200000,
    "session_timeout": 1200000,
    "session_manager": "shared",
    "rate_protection": { "time_window": 1, "max_requests": 10000 },
    "concurrency": { "retry_count": 100, "retry_delay": 250, "retry_jitter": 100, "max_ttl": 60000, "extension_threshold": 5000 },
    "live_stream": { "cache_max_size": 5000, "cache_max_time": 2 },
    "performance_logger": false,
    "map_tile_server_dark": "https://map.opencti.io/styles/luatix-dark/{z}/{x}/{y}.png",
    "map_tile_server_light": "https://map.opencti.io/styles/luatix-light/{z}/{x}/{y}.png",
    "enforce_references": [],
    "reference_attachment": false,
    "admin": { "email": "admin@open.cti", "password": "admin123", "token": "8a07d4a0-c57d-40d5-9392-cf2b462939b4" }
  },
  "rule_engine": { "enabled": true, "lock_key": "rule_engine_lock", "status_writing_delay": 2000 },
  "task_scheduler": { "enabled": true, "lock_key": "task_manager_lock", "interval": 10000 },
  "expiration_scheduler": { "enabled": true, "lock_key": "expired_manager_lock", "interval": 300000 },
  "subscription_scheduler": { "enabled": false, "lock_key": "subscription_manager_lock", "interval": 10000 },
  "sync_manager": { "enabled": true, "lock_key": "sync_manager_lock", "interval": 10000 },
  "retention_manager": { "enabled": true, "lock_key": "retention_manager_lock", "interval": 60000 },
  "redis": { "namespace": "", "hostname": "redis", "use_ssl": false, "ca": [], "port": 6379, "trimming": 0, "use_as_cache": false },
  "elasticsearch": { "index_prefix": "opencti", "url": "http://localhost:9200/", "index_creation_pattern": "-000001", "search_ignore_throttled": false, "max_pagination_result": 5000, "max_concurrency": 2 },
  "minio": { "bucket_name": "opencti-bucket", "endpoint": "localhost", "port": 9000, "use_ssl": false, "access_key": "admin", "secret_key": "admin123" },
  "rabbitmq": { "hostname": "rabbitmq", "use_ssl": false, "ca": [], "port": 5672, "port_management": 15672, "management_ssl": false, "username": "guest", "password": "guest" },
  "smtp": { "hostname": "smtp", "use_ssl": false, "reject_unauthorized": false, "port": 25, "username": "", "password": "", "from_email": "notifications@opencti.io" },
  "providers": { "local": { "strategy": "LocalStrategy" } }
}
```

Can someone help me? Thanks.

JeromeSRT commented 2 years ago

Hello, it seems elasticsearch is not running. See "Elasticsearch seems down". Jérôme.
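
A way to confirm that diagnosis before running `yarn serv`, as an added example that is not part of the original thread or OpenCTI's own code: read the connection settings from a production.json like the one posted above and attempt a TCP connection to each backend. The function names and the trimmed sample config are constructed for illustration.

```python
import json
import socket
from urllib.parse import urlparse

# Constructed sample: only the connection settings from the production.json in the report.
SAMPLE_CONFIG = json.loads("""
{
  "redis": {"hostname": "redis", "port": 6379},
  "elasticsearch": {"url": "http://localhost:9200/"},
  "minio": {"endpoint": "localhost", "port": 9000},
  "rabbitmq": {"hostname": "rabbitmq", "port": 5672}
}
""")


def dependency_endpoints(config):
    """Return {service: (host, port)} for each backend named in the config."""
    es = urlparse(config["elasticsearch"]["url"])
    es_port = es.port or (443 if es.scheme == "https" else 80)
    return {
        "elasticsearch": (es.hostname, es_port),
        "redis": (config["redis"]["hostname"], config["redis"]["port"]),
        "rabbitmq": (config["rabbitmq"]["hostname"], config["rabbitmq"]["port"]),
        "minio": (config["minio"]["endpoint"], config["minio"]["port"]),
    }


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the condition Node reports as ECONNREFUSED
    except socket.gaierror:
        return "unresolved"   # hostname has no DNS or /etc/hosts entry
    except OSError:
        return "unreachable"  # timeout, no route, and similar


def preflight(config):
    """Probe every backend and return {service: status}."""
    return {name: probe(host, port)
            for name, (host, port) in dependency_endpoints(config).items()}


if __name__ == "__main__":
    endpoints = dependency_endpoints(SAMPLE_CONFIG)
    for name, status in preflight(SAMPLE_CONFIG).items():
        host, port = endpoints[name]
        print(f"{name:14} {host}:{port:<6} {status}")
```

A `refused` result for elasticsearch corresponds to the `connect ECONNREFUSED 127.0.0.1:9200` line in the log; an `unresolved` result means the configured hostname does not resolve on the machine running the platform.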

JeromeSRT commented 2 years ago

Did you extract the files from the OpenCTI-release-5.2.1.tar.gz file?

ghost commented 2 years ago

Hello, yes I've extracted the files from the OpenCTI-release-5.2.1.tar.gz file. Do you have any explanation, why elasticsearch is not running?

JeromeSRT commented 2 years ago

Hello, maybe Elasticsearch is not installed, its start failed.

ghost commented 2 years ago

I have installed the elasticsearch 8.1.0 version, and the same error appears! If I try to start elastic search using system enable elasticsearch.service this error appears in console:

```
elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Tue 2022-03-15 10:24:11 CET; 44s ago
       Docs: https://www.elastic.co/
    Process: 1649457 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=killed, signal=KI>
   Main PID: 1649457 (code=killed, signal=KILL)
      Tasks: 0 (limit: 9301)
     Memory: 5.6M
     CGroup: /system.slice/elasticsearch.service

mar 15 10:23:19 pc systemd[1]: Starting Elasticsearch...
mar 15 10:24:11 pc systemd[1]: elasticsearch.service: Main process exited, code=killed, status=9/KILL
mar 15 10:24:11 pc systemd[1]: elasticsearch.service: Failed with result 'signal'.
mar 15 10:24:11 pc systemd[1]: Failed to start Elasticsearch.
mar 15 10:24:11 pc systemd-entrypoint[1650191]: 2022-03-15 09:24:11,546428 UTC [1650191] INFO Main.cc@112 Parent process died - ML controller
```

JeromeSRT commented 2 years ago

OK, your Elasticsearch service does not start. Are you under Ubuntu OS?

ghost commented 2 years ago

Yes, I'm using Ubuntu!

JeromeSRT commented 2 years ago

Hello, I will try to send you a paper I wrote when I used OpenCTI under Ubuntu.

guoaijie commented 2 years ago

> Hello, I will try to send you a paper I wrote when I used OpenCTI under Ubuntu.

Please, do you have a tutorial for Docker installation under Ubuntu? I had some problems during the recent installation process; the http://localhost:8080 interface is inaccessible.

JeromeSRT commented 2 years ago

Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf

guoaijie commented 2 years ago

> Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf

After docker-compose up, you can't access the web interface. Do you know what the problem is?

JeromeSRT commented 2 years ago

> > Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf
>
> After docker-compose up, you can't access the web interface. Do you know what the problem is?

Did you look in the OpenCTI logs? Maybe OpenCTI didn't start correctly.

JeromeSRT commented 2 years ago

> > Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf
>
> After docker-compose up, you can't access the web interface. Do you know what the problem is?

I don't use Docker to run OpenCTI.

JeromeSRT commented 2 years ago

> > Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf
>
> After docker-compose up, you can't access the web interface. Do you know what the problem is?

Hello, no I don't know... Sorry

guoaijie commented 2 years ago

Although I don't know what the problem is, I've restarted successfully. Thank you for your reply. Good luck!

ghost commented 2 years ago

> Hello, I have one in French. Didn't you find one in the official documentation on GitHub.com? Cyber_Threat_Intelligence_OpenCTI_1645439650.pdf

Hello Jerome,

I still have the elasticsearch problem! Do you know how to solve this?

JeromeSRT commented 2 years ago

Hello, you will find the elasticsearch.service I used when my OpenCTI ran under Ubuntu.

Remove the '.txt' extension before using it.

elasticsearch.service.txt

JeromeSRT commented 2 years ago

Hello, you will find the tutorial I wrote to install OpenCTI under Ubuntu. Ubuntu-Guide-Install-OpenCTI.pdf