Closed robj192 closed 2 years ago
Second try with a different application.conf that I found on Github and just added the ELK Auth part.
Conf file:
http.port = 9001
play.http.errorHandler = org.thp.cortex.services.ErrorHandler
play.modules.enabled += org.thp.cortex.Module
cache {
job = 10 minutes
user = 5 minutes
organization = 5 minutes
}
job {
timeout = 30 minutes
runners = [docker, process]
directory = ${java.io.tmpdir}
dockerDirectory = ${job.directory}
}
play.filters {
csrf.cookie.name = CORTEX-XSRF-TOKEN
csrf.header.name = X-CORTEX-XSRF-TOKEN
enabled = [
org.thp.cortex.services.StreamFilter,
org.elastic4play.services.TempFilter,
org.thp.cortex.services.CSRFFilter
]
}
play.http.session.cookieName = CORTEX_SESSION
# ElasticSearch
search {
index = cortex
uri = "http://127.0.0.1:9200/"
user = "cortex_elk"
password = <Redacted>
# Scroll keepalive
keepalive = 1m
pagesize = 50
nbshards = 5
nbreplicas = 1
settings {
mapping.nested_fields.limit = 100
}
}
auth.provider = ["local"]
auth.method.basic = false
datastore {
name = data
chunksize = 50k
hash {
main = "SHA-256"
extra = ["SHA-1", "MD5"]
}
attachment.password = "malware"
}
session {
warning = 5m
inactivity = 1h
}
stream.longpolling {
refresh = 1m
cache = 15m
nextItemMaxWait = 500ms
globalMaxWait = 1s
}
dblist.name = dblist
audit.name = audit
analyzer {
urls = []
fork-join-executor {
parallelism-min = 2
parallelism-factor = 2.0
parallelism-max = 4
}
}
responder {
urls = []
fork-join-executor {
parallelism-min = 2
parallelism-factor = 2.0
parallelism-max = 4
}
}
Logs:
2021-12-30 02:35:13,402 [INFO] from module in main - Loading model class org.thp.cortex.models.ReportModel
2021-12-30 02:35:13,403 [INFO] from module in main - Loading model class org.thp.cortex.models.WorkerModel
2021-12-30 02:35:13,403 [INFO] from module in main - Loading model class org.thp.cortex.models.UserModel
2021-12-30 02:35:13,403 [INFO] from module in main - Loading model class org.thp.cortex.models.OrganizationModel
2021-12-30 02:35:13,404 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2021-12-30 02:35:13,410 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.LocalAuthSrv
2021-12-30 02:35:13,410 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.OAuth2Srv
2021-12-30 02:35:13,410 [INFO] from module in main - Loading authentication module class org.elastic4play.services.auth.ADAuthSrv
2021-12-30 02:35:13,411 [INFO] from module in main - Loading authentication module class org.thp.cortex.services.KeyAuthSrv
2021-12-30 02:35:13,411 [INFO] from module in main - Loading authentication module class org.elastic4play.services.auth.LdapAuthSrv
2021-12-30 02:35:15,522 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-5 - Slf4jLogger started
2021-12-30 02:35:18,184 [INFO] from org.thp.cortex.services.WorkerSrv in application-akka.actor.default-dispatcher-5 - New worker list:
2021-12-30 02:35:18,583 [INFO] from com.sksamuel.elastic4s.http.JavaClient$ in application-akka.actor.default-dispatcher-5 - Creating HTTP client on http://127.0.0.1:9200
2021-12-30 02:35:19,849 [ERROR] from org.elastic4play.database.DBConfiguration in application-akka.actor.default-dispatcher-6 - ElasticSearch request failure: POST:/cortex_6/_search?scroll=60000ms
StringEntity({"seq_no_primary_term":"true","query":{"bool":{"must":[{"term":{"relations":{"value":"worker"}}},{"match_all":{}}]}},"from":0,"sort":[{"_doc":{"order":"desc"}}]},Some(application/json))
=> ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,null,None,None,None,List())),None,None,None,List())
2021-12-30 02:35:19,857 [WARN] from org.elastic4play.database.SearchWithScroll in application-akka.actor.default-dispatcher-7 - Search error
org.elastic4play.InternalError: Unknown error: ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,null,None,None,None,List())),None,None,None,List())
at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:158)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
2021-12-30 02:35:19,914 [INFO] from org.thp.cortex.services.DockerJobRunnerSrv in main - Docker is not available
com.spotify.docker.client.exceptions.DockerException: java.util.concurrent.ExecutionException: javax.ws.rs.ProcessingException: java.lang.UnsatisfiedLinkError: could not load FFI provider jnr.ffi.provider.jffi.Provider
at com.spotify.docker.client.DefaultDockerClient.propagate(DefaultDockerClient.java:2828)
at com.spotify.docker.client.DefaultDockerClient.request(DefaultDockerClient.java:2692)
at com.spotify.docker.client.DefaultDockerClient.info(DefaultDockerClient.java:595)
at org.thp.cortex.services.DockerJobRunnerSrv.$anonfun$isAvailable$2(DockerJobRunnerSrv.scala:57)
at play.api.LoggerLike.info(Logger.scala:136)
at play.api.LoggerLike.info$(Logger.scala:133)
at play.api.Logger.info(Logger.scala:233)
at org.thp.cortex.services.DockerJobRunnerSrv.$anonfun$isAvailable$1(DockerJobRunnerSrv.scala:57)
at scala.runtime.java8.JFunction0$mcZ$sp.apply(JFunction0$mcZ$sp.java:23)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.cortex.services.DockerJobRunnerSrv.isAvailable$lzycompute(DockerJobRunnerSrv.scala:56)
at org.thp.cortex.services.DockerJobRunnerSrv.isAvailable(DockerJobRunnerSrv.scala:55)
at org.thp.cortex.services.JobRunnerSrv$$anonfun$1.applyOrElse(JobRunnerSrv.scala:52)
at org.thp.cortex.services.JobRunnerSrv$$anonfun$1.applyOrElse(JobRunnerSrv.scala:51)
at scala.PartialFunction.$anonfun$runWith$1$adapted(PartialFunction.scala:145)
at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
at scala.collection.TraversableLike.collect(TraversableLike.scala:406)
at scala.collection.TraversableLike.collect$(TraversableLike.scala:404)
at scala.collection.AbstractTraversable.collect(Traversable.scala:108)
at org.thp.cortex.services.JobRunnerSrv.<init>(JobRunnerSrv.scala:51)
at org.thp.cortex.services.JobRunnerSrv$$FastClassByGuice$$7cb671c9.newInstance(<generated>)
at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:184)
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:111)
at com.google.inject.Guice.createInjector(Guice.java:87)
at com.google.inject.Guice.createInjector(Guice.java:78)
at play.api.inject.guice.GuiceBuilder.injector(GuiceInjectorBuilder.scala:200)
at play.api.inject.guice.GuiceApplicationBuilder.build(GuiceApplicationBuilder.scala:155)
at play.api.inject.guice.GuiceApplicationLoader.load(GuiceApplicationLoader.scala:21)
at play.core.server.ProdServerStart$.start(ProdServerStart.scala:54)
at play.core.server.ProdServerStart$.main(ProdServerStart.scala:30)
at play.core.server.ProdServerStart.main(ProdServerStart.scala)
Caused by: java.util.concurrent.ExecutionException: javax.ws.rs.ProcessingException: java.lang.UnsatisfiedLinkError: could not load FFI provider jnr.ffi.provider.jffi.Provider
at jersey.repackaged.com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:299)
at jersey.repackaged.com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:286)
at jersey.repackaged.com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:116)
at com.spotify.docker.client.DefaultDockerClient.request(DefaultDockerClient.java:2690)
... 44 common frames omitted
Caused by: javax.ws.rs.ProcessingException: java.lang.UnsatisfiedLinkError: could not load FFI provider jnr.ffi.provider.jffi.Provider
at org.glassfish.jersey.client.ClientRuntime.processFailure(ClientRuntime.java:202)
at org.glassfish.jersey.client.ClientRuntime.access$400(ClientRuntime.java:79)
at org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:182)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:340)
at org.glassfish.jersey.client.ClientRuntime$3.run(ClientRuntime.java:210)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.UnsatisfiedLinkError: could not load FFI provider jnr.ffi.provider.jffi.Provider
at jnr.ffi.provider.InvalidProvider$1.loadLibrary(InvalidProvider.java:48)
at jnr.ffi.LibraryLoader.load(LibraryLoader.java:325)
at jnr.unixsocket.Native.<clinit>(Native.java:80)
at jnr.unixsocket.UnixSocketChannel.<init>(UnixSocketChannel.java:101)
at jnr.unixsocket.UnixSocketChannel.open(UnixSocketChannel.java:60)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:69)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:44)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:119)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:435)
at org.glassfish.jersey.apache.connector.ApacheConnector$1.run(ApacheConnector.java:491)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at jersey.repackaged.com.google.common.util.concurrent.MoreExecutors$DirectExecutorService.execute(MoreExecutors.java:299)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:50)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:37)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:487)
at org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:178)
... 12 common frames omitted
Caused by: java.lang.UnsatisfiedLinkError: could not get native definition for type: POINTER
at com.kenai.jffi.Type$Builtin.lookupTypeInfo(Type.java:251)
at com.kenai.jffi.Type$Builtin.getTypeInfo(Type.java:237)
at com.kenai.jffi.Type.resolveSize(Type.java:155)
at com.kenai.jffi.Type.size(Type.java:138)
at jnr.ffi.provider.jffi.NativeRuntime$TypeDelegate.size(NativeRuntime.java:178)
at jnr.ffi.provider.AbstractRuntime.<init>(AbstractRuntime.java:48)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:57)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:41)
at jnr.ffi.provider.jffi.NativeRuntime$SingletonHolder.<clinit>(NativeRuntime.java:53)
at jnr.ffi.provider.jffi.NativeRuntime.getInstance(NativeRuntime.java:49)
at jnr.ffi.provider.jffi.Provider.<init>(Provider.java:29)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.getInstance(FFIProvider.java:68)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.<clinit>(FFIProvider.java:57)
at jnr.ffi.provider.FFIProvider.getSystemProvider(FFIProvider.java:35)
at jnr.ffi.LibraryLoader.create(LibraryLoader.java:73)
at jnr.unixsocket.Native.<clinit>(Native.java:76)
... 35 common frames omitted
Caused by: java.lang.UnsatisfiedLinkError: java.lang.UnsatisfiedLinkError: /tmp/jffi2157532894513123515.so: /tmp/jffi2157532894513123515.so: failed to map segment from shared object
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1934)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1817)
at java.lang.Runtime.load0(Runtime.java:810)
at java.lang.System.load(System.java:1088)
at com.kenai.jffi.internal.StubLoader.loadFromJar(StubLoader.java:376)
at com.kenai.jffi.internal.StubLoader.load(StubLoader.java:258)
at com.kenai.jffi.internal.StubLoader.<clinit>(StubLoader.java:449)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.kenai.jffi.Init.load(Init.java:68)
at com.kenai.jffi.Foreign$InstanceHolder.getInstanceHolder(Foreign.java:49)
at com.kenai.jffi.Foreign$InstanceHolder.<clinit>(Foreign.java:45)
at com.kenai.jffi.Foreign.getInstance(Foreign.java:103)
at com.kenai.jffi.Type$Builtin.lookupTypeInfo(Type.java:242)
at com.kenai.jffi.Type$Builtin.getTypeInfo(Type.java:237)
at com.kenai.jffi.Type.resolveSize(Type.java:155)
at com.kenai.jffi.Type.size(Type.java:138)
at jnr.ffi.provider.jffi.NativeRuntime$TypeDelegate.size(NativeRuntime.java:178)
at jnr.ffi.provider.AbstractRuntime.<init>(AbstractRuntime.java:48)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:57)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:41)
at jnr.ffi.provider.jffi.NativeRuntime$SingletonHolder.<clinit>(NativeRuntime.java:53)
at jnr.ffi.provider.jffi.NativeRuntime.getInstance(NativeRuntime.java:49)
at jnr.ffi.provider.jffi.Provider.<init>(Provider.java:29)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.getInstance(FFIProvider.java:68)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.<clinit>(FFIProvider.java:57)
at jnr.ffi.provider.FFIProvider.getSystemProvider(FFIProvider.java:35)
at jnr.ffi.LibraryLoader.create(LibraryLoader.java:73)
at jnr.unixsocket.Native.<clinit>(Native.java:76)
at jnr.unixsocket.UnixSocketChannel.<init>(UnixSocketChannel.java:101)
at jnr.unixsocket.UnixSocketChannel.open(UnixSocketChannel.java:60)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:69)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:44)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:119)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:435)
at org.glassfish.jersey.apache.connector.ApacheConnector$1.run(ApacheConnector.java:491)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at jersey.repackaged.com.google.common.util.concurrent.MoreExecutors$DirectExecutorService.execute(MoreExecutors.java:299)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:50)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:37)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:487)
at org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:178)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:340)
at org.glassfish.jersey.client.ClientRuntime$3.run(ClientRuntime.java:210)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.kenai.jffi.Foreign.newLoadError(Foreign.java:72)
at com.kenai.jffi.Foreign.access$300(Foreign.java:42)
at com.kenai.jffi.Foreign$InValidInstanceHolder.getForeign(Foreign.java:98)
at com.kenai.jffi.Foreign.getInstance(Foreign.java:103)
at com.kenai.jffi.Type$Builtin.lookupTypeInfo(Type.java:242)
... 55 common frames omitted
Caused by: java.lang.UnsatisfiedLinkError: java.lang.UnsatisfiedLinkError: /tmp/jffi2157532894513123515.so: /tmp/jffi2157532894513123515.so: failed to map segment from shared object
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1934)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1817)
at java.lang.Runtime.load0(Runtime.java:810)
at java.lang.System.load(System.java:1088)
at com.kenai.jffi.internal.StubLoader.loadFromJar(StubLoader.java:376)
at com.kenai.jffi.internal.StubLoader.load(StubLoader.java:258)
at com.kenai.jffi.internal.StubLoader.<clinit>(StubLoader.java:449)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.kenai.jffi.Init.load(Init.java:68)
at com.kenai.jffi.Foreign$InstanceHolder.getInstanceHolder(Foreign.java:49)
at com.kenai.jffi.Foreign$InstanceHolder.<clinit>(Foreign.java:45)
at com.kenai.jffi.Foreign.getInstance(Foreign.java:103)
at com.kenai.jffi.Type$Builtin.lookupTypeInfo(Type.java:242)
at com.kenai.jffi.Type$Builtin.getTypeInfo(Type.java:237)
at com.kenai.jffi.Type.resolveSize(Type.java:155)
at com.kenai.jffi.Type.size(Type.java:138)
at jnr.ffi.provider.jffi.NativeRuntime$TypeDelegate.size(NativeRuntime.java:178)
at jnr.ffi.provider.AbstractRuntime.<init>(AbstractRuntime.java:48)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:57)
at jnr.ffi.provider.jffi.NativeRuntime.<init>(NativeRuntime.java:41)
at jnr.ffi.provider.jffi.NativeRuntime$SingletonHolder.<clinit>(NativeRuntime.java:53)
at jnr.ffi.provider.jffi.NativeRuntime.getInstance(NativeRuntime.java:49)
at jnr.ffi.provider.jffi.Provider.<init>(Provider.java:29)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.getInstance(FFIProvider.java:68)
at jnr.ffi.provider.FFIProvider$SystemProviderSingletonHolder.<clinit>(FFIProvider.java:57)
at jnr.ffi.provider.FFIProvider.getSystemProvider(FFIProvider.java:35)
at jnr.ffi.LibraryLoader.create(LibraryLoader.java:73)
at jnr.unixsocket.Native.<clinit>(Native.java:76)
at jnr.unixsocket.UnixSocketChannel.<init>(UnixSocketChannel.java:101)
at jnr.unixsocket.UnixSocketChannel.open(UnixSocketChannel.java:60)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:69)
at com.spotify.docker.client.UnixConnectionSocketFactory.createSocket(UnixConnectionSocketFactory.java:44)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:119)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:435)
at org.glassfish.jersey.apache.connector.ApacheConnector$1.run(ApacheConnector.java:491)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at jersey.repackaged.com.google.common.util.concurrent.MoreExecutors$DirectExecutorService.execute(MoreExecutors.java:299)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:50)
at jersey.repackaged.com.google.common.util.concurrent.AbstractListeningExecutorService.submit(AbstractListeningExecutorService.java:37)
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:487)
at org.glassfish.jersey.client.ClientRuntime$2.run(ClientRuntime.java:178)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:340)
at org.glassfish.jersey.client.ClientRuntime$3.run(ClientRuntime.java:210)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.kenai.jffi.internal.StubLoader.load(StubLoader.java:270)
at com.kenai.jffi.internal.StubLoader.<clinit>(StubLoader.java:449)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.kenai.jffi.Init.load(Init.java:68)
at com.kenai.jffi.Foreign$InstanceHolder.getInstanceHolder(Foreign.java:49)
at com.kenai.jffi.Foreign$InstanceHolder.<clinit>(Foreign.java:45)
... 57 common frames omitted
2021-12-30 02:35:21,056 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python hasn't been found
2021-12-30 02:35:21,058 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python2 hasn't been found
2021-12-30 02:35:21,812 [WARN] from org.thp.cortex.services.JobRunnerSrv in main - The package cortexutils for python3 hasn't been found
2021-12-30 02:35:21,823 [ERROR] from org.elastic4play.database.DBConfiguration in application-akka.actor.default-dispatcher-5 - ElasticSearch request failure: POST:/cortex_6/_search?scroll=60000ms
StringEntity({"seq_no_primary_term":"true","query":{"bool":{"must":[{"term":{"relations":{"value":"job"}}},{"term":{"status":{"value":"Waiting"}}}]}},"from":0,"sort":[{"_doc":{"order":"desc"}}]},Some(application/json))
=> ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,null,None,None,None,List())),None,None,None,List())
2021-12-30 02:35:21,823 [WARN] from org.elastic4play.database.SearchWithScroll in application-akka.actor.default-dispatcher-5 - Search error
org.elastic4play.InternalError: Unknown error: ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/cortex_6/_search?scroll=60000ms],None,None,None,null,None,None,None,List())),None,None,None,List())
at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:158)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
Same result! Btw, I have yet to install the Analyzers, though I thought that it was pointless at the moment since I cant run the service.
@robj192 Hi, is this problem solved? I have the same problem with ELK Auth.
Request Type
Bug
Work Environment
Problem Description
I'm not being successful at making Cortex run. I've install ELK (which is running), I've configured ELK in Basic Auth mode and created a user named "cortex_elk". After executing Cortex, it dies after a few seconds.
From the logs (/var/log/cortex/application.log) I found warnings saying that "Cortexutils" was not found on the System, though I installed it (even did it from pip and by downloading the setup.py, both resulting in the following output):
Since this is a warning, I don't think Cortex is crashing because of this, however, it doesnt inspire much confidence on the Installation in general, since I know this component was installed, and for some reason I'm obtaining this error.
Complementary information
So far this is my application.conf file, only edited the ELK Auth part (every commented line have been removed in order to make it simple to read):
Hope this isn't too much, but here it is the output of /var/log/cortex/application.log after one execution:
Hopefully someone already had this issue and might help. Kind regards!