PaloAltoNetworks / minemeld

Main MineMeld documentation repo

ConnectionError: Too many connections #38

Open migueltorre opened 5 years ago

migueltorre commented 5 years ago

Hi,

I'm using output feeds from MineMeld in my firewall and I have seen the following:

1) If I try to retrieve an output with 142 or fewer indicators, it works. The firewall shows the entries from the MineMeld output node.
2) If I try to retrieve 150 or more indicators from a MineMeld output, it doesn't work. The entries in the firewall are empty.

The logs in /opt/minemeld/log/minemeld-web.log show this:

Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap
    self._listen()
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen
    pubsub = self.SR.pubsub(ignore_subscribe_messages=True)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub
    return PubSub(self.connection_pool, **kwargs)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in __init__
    conn = connection_pool.get_connection('pubsub', shard_hint)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection
    connection = self.make_connection()
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection
    raise ConnectionError("Too many connections")
ConnectionError: Too many connections
[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap
    self._listen()
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen
    pubsub = self.SR.pubsub(ignore_subscribe_messages=True)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub
    return PubSub(self.connection_pool, **kwargs)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in __init__
    conn = connection_pool.get_connection('pubsub', shard_hint)
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection
    connection = self.make_connection()
  File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection
    raise ConnectionError("Too many connections")
ConnectionError: Too many connections
[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener
Traceback (most recent call last):

Could someone help me?

Thanks in advance!

jasonearljohnson commented 5 years ago

We are running into the same thing after upgrading to 0.9.62, which we are running into many other issues with.

jtschichold commented 5 years ago

@migueltorre:

migueltorre commented 5 years ago

Hi Luigui,

I'm running into:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.6 LTS"

I installed according to this article https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-16-04/ta-p/253336

And I'm using 2 firewalls for this test. I realized something: when I use the MineMeld output with the Palo Alto firewall it works fine, but when I use the same outputs with the Fortinet firewall it doesn't work and the following occurs:

If I try to retrieve an output with 142 or fewer indicators, it works. The firewall shows the entries from the MineMeld output node.
If I try to retrieve 150 or more indicators from a MineMeld output, it doesn't work. The entries in the firewall are empty.

Thanks,

jtschichold commented 5 years ago

Please could you provide the full minemeld-web.log? If you prefer you can send it to my private email lmori@paloaltonetworks.com

migueltorre commented 5 years ago

Hi Lugui,

Sure, I sent you an email from miguel.torre@supra.com.pe.

Thanks,

jtschichold commented 5 years ago

Checked the logs and it seems there are other issues with the instance, as the engine seems unresponsive. Did you install from binaries?

migueltorre commented 5 years ago

Yes, I installed it using the binary packages on an Ubuntu Server 16.04.

My organization uses two firewall vendors (Fortinet and Palo Alto). In Palo Alto it works fine; I don't know why in Fortinet, the FortiGate firewall can't retrieve more than 142 indicators.