search

SafeAF / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive
0 stars 0 forks source link

Creating alert causes error #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I am trying to create an alert from a query result and have just recently 
updated from CVS.

I am getting the following error in a popup every time I try to create an alert:

Invalid args, missing arg: connector

Additionally, when I try to look at the schedule Alerts from the ELSA drop-down 
menu, I get an error in the table saying "Data error"

Original issue reported on code.google.com by edavi...@gmail.com on 23 Feb 2012 at 5:13

GoogleCodeExporter commented 9 years ago 
Yep, my bad--working on a fix for this right now.  In the mean-time, you can 
use "Schedule Query" instead and choose the connector "Send to email."  I will 
have a fix posted by the end of the day.

Original comment by mchol...@gmail.com on 23 Feb 2012 at 5:39

GoogleCodeExporter commented 9 years ago 
Ok, just put this commit in to fix this.  The menu is now streamlined to 
provide alert and schedule in the same dialog and defaults to alerting.

Original comment by mchol...@gmail.com on 23 Feb 2012 at 6:56

GoogleCodeExporter commented 9 years ago 
OK, I fill check  it out.

Original comment by edavi...@gmail.com on 23 Feb 2012 at 7:14

GoogleCodeExporter commented 9 years ago 
One thing here.  I just tried update_from_svn.sh and got a message that it is 
now deprecated and to use install.sh node update.  That is fine but I am 
running into the same issue as using the update_from_svn.sh script, which is 
that elsa.conf is overwritten and since I am using a custom port for syslogs 
being forwarded, it means I have to remember to udpate this file every time I 
update.

Can this be changed somehow to make note of changes and alert the user or to 
protect the file or to show a diff and allow for interactive update?

Original comment by edavi...@gmail.com on 23 Feb 2012 at 7:20

GoogleCodeExporter commented 9 years ago 
That's a good suggestion.  Can you quick issue a feature-request bug for that?  
In the meantime, can you confirm that your alert issue is fixed?

Original comment by mchol...@gmail.com on 23 Feb 2012 at 8:15

GoogleCodeExporter commented 9 years ago 
It is not.  I still get the same error now when I try to schedule and alert.

Invalid args, missing arg: connector

Original comment by edavi...@gmail.com on 23 Feb 2012 at 9:44

GoogleCodeExporter commented 9 years ago 
You ran install.sh web update?  If you're running the latest code, its' not 
possible to get that error message, so either something is cached in your 
browser or the code didn't update.

Original comment by mchol...@gmail.com on 23 Feb 2012 at 10:42

GoogleCodeExporter commented 9 years ago 
Yes, I ran that at the time.
I just ran through the install.sh node update and install.sh web update today 
and tried again to run the alert.  This time I get the following error after I 
choose the frequency and hit OK.

DBD::mysql::st execute failed: Unknown column 'connector' in 'field list' 
QUERY: INSERT INTO query_schedule (uid, query, frequency, start, end, 
connector, params, last_alert, alert_threshold) VALUES (?, (SELECT query FROM 
query_log WHERE qid=?), ?, ?, ?, ?, ?, "1970-01-01 00:00:00", ?) at 
/usr/local/elsa/web/lib/API.pm line 210 API::_dbh_error_handler('DBD::mysql::st 
execute failed: Unknown column \'connector\' i...', 
'DBI::st=HASH(0x2b0d7a6f0ee0)', 'undef') called at 
/usr/local/elsa/web/lib/API.pm line 1602 
API::schedule_query('API=HASH(0x2b0d78507260)', 'HASH(0x2b0d78174e90)') called 
at /usr/local/elsa/web/lib/Web/Query.pm line 30 eval {...} called at 
/usr/local/elsa/web/lib/Web/Query.pm line 28 
Web::Query::call('Web::Query=HASH(0x2b0d7a613b10)', 'HASH(0x2b0d78405900)') 
called at /usr/lib/perl5/site_perl/5.8.8/Plack/Component.pm line 39 
Plack::Component::__ANON__('HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/App/URLMap.pm line 71 
Plack::App::URLMap::call('Plack::App::URLMap=HASH(0x2b0d7a5bfba0)', 
'HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Component.pm line 39 
Plack::Component::__ANON__('HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Middleware/Session.pm line 52 
Plack::Middleware::Session::call('Plack::Middleware::Session=HASH(0x2b0d7a614550
)', 'HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Component.pm line 39 
Plack::Component::__ANON__('HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Middleware/CrossOrigin.pm line 115 
Plack::Middleware::CrossOrigin::call('Plack::Middleware::CrossOrigin=HASH(0x2b0d
7a65a810)', 'HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Component.pm line 39 
Plack::Component::__ANON__('HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Middleware/Static.pm line 18 
Plack::Middleware::Static::call('Plack::Middleware::Static=HASH(0x2b0d7a65aa80)'
, 'HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Component.pm line 39 
Plack::Component::__ANON__('HASH(0x2b0d78405900)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Handler/Apache2.pm line 66 
Plack::Handler::Apache2::call_app('Plack::Handler::Apache2', 
'Apache2::RequestRec=SCALAR(0x2b0d70ac01f0)', 'CODE(0x2b0d7a65aa60)') called at 
/usr/lib/perl5/site_perl/5.8.8/Plack/Handler/Apache2.pm line 91 
Plack::Handler::Apache2::handler('Apache2::RequestRec=SCALAR(0x2b0d70ac01f0)') 
called at -e line 0 eval {...} called at -e line 0

Original comment by edavi...@gmail.com on 14 Mar 2012 at 8:30

GoogleCodeExporter commented 9 years ago 
Looks like the schema updates didn't work in the install.sh web update command. 
Try manually doing the following queries in elsa_web:

ALTER TABLE query_schedule DROP COLUMN action_params
ALTER TABLE query_schedule DROP FOREIGN KEY `query_schedule_ibfk_2`
ALTER TABLE query_schedule DROP COLUMN action_id
ALTER TABLE query_schedule ADD COLUMN connector VARCHAR(255)
ALTER TABLE query_schedule ADD COLUMN params VARCHAR(8000)

Original comment by mchol...@gmail.com on 14 Mar 2012 at 8:42

GoogleCodeExporter commented 9 years ago 
Well, looks like a bit bigger issue than the schema update.  I am missing the 
query_schedule table entirely.  I going to check the elsa directories for the 
mysql schema and see if it is in there.  If so, I will create the table.  I 
will let you know the outcome.

Original comment by edavi...@gmail.com on 14 Mar 2012 at 9:52

GoogleCodeExporter commented 9 years ago 
Nevermind.  The tables were there.  I was looking in syslog rather than 
elsa_web.  I have applied the schema updates and will see if the query now 
works.

Original comment by edavi...@gmail.com on 14 Mar 2012 at 10:01

GoogleCodeExporter commented 9 years ago 
Ok, now I can schedule an alert and can see the scheduled queries.  Good 
progress so far.

Thanks.

Original comment by edavi...@gmail.com on 14 Mar 2012 at 10:02

GoogleCodeExporter commented 9 years ago 
OK, the next issue has come up.  I can see the schedule tasks but action is set 
to "undefined".  I try to set it to Email and I get a pop-up error saying 
"Invalid arg: action".  The same pop for Create Ticket and Save.

Original comment by edavi...@gmail.com on 14 Mar 2012 at 10:11

GoogleCodeExporter commented 9 years ago 
The actions table is empty.

Original comment by edavi...@gmail.com on 14 Mar 2012 at 10:21

GoogleCodeExporter commented 9 years ago 
Ok, that means that for whatever reason, the install.sh web update didn't work 
because the code you are running is old.  Can you run again and check for any 
problems?

Original comment by mchol...@gmail.com on 15 Mar 2012 at 2:32