search

TheHive-Project / CortexDocs

Documentation of Cortex
https://docs.strangebee.com/cortex
GNU Affero General Public License v3.0
170 stars 122 forks source link

cortex service exited status #23

Open robomotic opened 5 years ago

robomotic commented 5 years ago

Hello there, I have installed thehive with elasticsearch backend via binary, then installed the cortex binaries as well and followed the instructions. When I start the cortex service I get this error:

pino@optimus:/opt/cortex$ sudo service cortex status ● cortex.service - cortex Loaded: loaded (/usr/lib/systemd/system/cortex.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-11-13 18:54:23 GMT; 45s ago Docs: https://thehive-project.org Process: 19464 ExecStart=/opt/cortex/bin/cortex -Dconfig.file=/etc/cortex/application.conf -Dlogger.file=/etc/cortex/logback.xml -Dpidfile.path=/dev/null (code=exited, status=25 Main PID: 19464 (code=exited, status=255)

Nov 13 18:54:22 optimus systemd[1]: Started cortex. Nov 13 18:54:23 optimus systemd[1]: cortex.service: Main process exited, code=exited, status=255/n/a Nov 13 18:54:23 optimus systemd[1]: cortex.service: Failed with result 'exit-code'.

My application.conf is pretty basic:

search {

Index name.

index = cortex

ElasticSearch cluster name.

cluster = hive

ElasticSearch instance address.

host = ["127.0.0.1:9300"]

Scroll keepalive.

keepalive = 1m

Scroll page size.

pagesize = 50 }

play.http.secret.key="blah"

analyzer.path = ["/opt/Cortex-Analyzers/analyzers"]

ElasticSearch is up and running and of course TheHive is working perfectly, I am not sure what that error message means, any help is appreciated.

Cheers.

saadkadhi commented 5 years ago

Did you have a look at /var/log/cortex/application.log? Any outstanding errors there? Can you provide relevant yet sanitized excerpts so we can help?

robomotic commented 5 years ago

Yes I think I have found the issue by launching via the commandline and grabbing the errors:

Oops, cannot start the server. ch.qos.logback.core.joran.spi.JoranException: Could not open URL [file:/etc/cortex/logback.xml]. at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:57)

In fact in that folder I only see application.conf, I guess I need just to copy that file from the opt folder?

robomotic commented 5 years ago

Yes that fixed it, you should edit your documentation from this:

sudo addgroup cortex sudo adduser --system cortex sudo cp /opt/cortex/package/cortex.service /usr/lib/systemd/system sudo chown -R cortex:cortex /opt/cortex sudo chgrp cortex /etc/cortex/application.conf sudo chmod 640 /etc/cortex/application.conf sudo systemctl enable cortex sudo service cortex start

and add:

sudo cp /opt/cortex/conf/logback.xml /etc/cortex/logback.xml sudo chgrp cortex /etc/cortex/logback.xml sudo chmod 640 /etc/cortex/logback.xml

robomotic commented 5 years ago

I also noticed that the service is not producing any logs in the file you mentioned: /var/log/cortex/application.log.

Do I need to setup that one in the application configuration? I have tried to see if there are any logs in the service default via:

sudo journalctl -u cortex

however it just logs service starts and stop.

robomotic commented 5 years ago

Yes I had to add these 2 lines in the service configuration file:

StandardOutput=file:/etc/cortex/cortex.log StandardError=file:/etc/cortex/cortex.err

and I can see my logs.