biggiesmallsAG / nightHawkResponse

Incident Response Forensic Framework

Issues in opening a triage #12

Closed xycloops123 closed 6 years ago

xycloops123 commented 8 years ago

Hello NightHawk Team,

After uploading the .mans file I am unable to open it? Any solutions for this? Thanks XM

biggiesmallsAG commented 8 years ago

Hi XM,

Can you give me some more details;

Regards,

Dan

xycloops123 commented 8 years ago

Hi Dan,

I performed the first 3 steps and have missed the 4th one:

  1. I am using a file from HX
  2. Uploaded the file using the hostname that comes up in the HX console
  3. Yes, it does appear on the root tree
  4. Did you use our audit script to build the collection? Can you please elaborate more on the changes in the script and on deploying it?

Regards, XM

xycloops123 commented 8 years ago

Hi Dan,

https://github.com/biggiesmallsAG/nightHawkResponse/issues/6

The above issue cleared the first step of opening a triage but now as I am able to look at the root tree, the visuals are not visible on the right hand side. It seems the process gets stuck at some place while processing the data to be viewed.

Please advise. Thanks, XM

biggiesmallsAG commented 8 years ago

Hi XM,

Did you change the IP address of the VM using the supplied "/opt/nighthawk/bin/nighthawkctl set-ip"? It seems that your issue is likely due to changing the IP address without using the nighthawkctl script. Can you confirm?

Regards,

Daniel

xycloops123 commented 8 years ago

Hi Dan,

Yes I did change the IP using the nighthawkctl script.

Thanks XM

biggiesmallsAG commented 8 years ago

Hi XM,

Can you open the developer console and screenshot me the network response that you get when you click on an audit type? Also, can you zip up the logs in /opt/nighthawk/var/logs and send them over so I can see.

Regards,

Dan

xycloops123 commented 8 years ago

Hi Dan,

Seems like it's not able to fetch the AngularJS files.

biggiesmallsAG commented 8 years ago

Hi XM,

Nope those map files are not needed. Can you get me the log files ?

Regards,

Dan

xycloops123 commented 8 years ago

Experiencing some issues in uploading the log files.

biggiesmallsAG commented 8 years ago

Hey mate,

send them to my email; daniel.eden@gmail.com

Regards,

Dan

nabeelz6 commented 7 years ago

I'm seeing this exact issue when clicking on any audit in the left-hand tree (using an HX mans package). The page just hangs...

I'm using the latest ISO and didn't change the IP address. There seems to be a loop of the same errors in the console log (Failed to parse SourceMap: https://192.168.42.173/______.js.map, etc).

See the following in websocket log:

    [pid: 1484|app: 0|req: 4/184] 0.0.0.0 () {48 vars in 950 bytes} [Wed Sep 7 20:14:35 2016] GET /ws/tasks?subscribe-broadcast => generated 289 bytes in 67964 msecs (HTTP/1.1 101) 4 headers in 185 bytes (0 switches on core 0)
    [07/Sep/2016 20:15:43] WARNING [django.request:120] WebSocketError: unable to receive websocket message
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/ws4redis/wsgi_server.py", line 106, in call
        recvmsg = RedisMessage(websocket.receive())
      File "/usr/lib/python2.7/site-packages/ws4redis/uwsgi_runserver.py", line 31, in receive
        raise WebSocketError(e)
    WebSocketError: unable to receive websocket message
    Wed Sep 7 20:15:43 2016 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request /ws/comments?subscribe-broadcast (ip 0.0.0.0) !!!
    Wed Sep 7 20:15:43 2016 - uwsgi_response_write_body_do(): Broken pipe [core/writer.c line 419] during GET /ws/comments?subscribe-broadcast (0.0.0.0)
    IOError: write error
    [07/Sep/2016 20:15:43] WARNING [django.request:120] WebSocketError: unable to receive websocket message
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/ws4redis/wsgi_server.py", line 106, in call
        recvmsg = RedisMessage(websocket.receive())
      File "/usr/lib/python2.7/site-packages/ws4redis/uwsgi_runserver.py", line 31, in receive
        raise WebSocketError(e)
    WebSocketError: unable to receive websocket message
    [pid: 1492|app: 0|req: 4/185] 0.0.0.0 () {48 vars in 956 bytes} [Wed Sep 7 20:13:11 2016] GET /ws/comments?subscribe-broadcast => generated 835 bytes in 151714 msecs (HTTP/1.1 101) 4 headers in 185 bytes (0 switches on core 0)
    Wed Sep 7 20:15:43 2016 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request /ws/tasks?subscribe-broadcast (ip 0.0.0.0) !!!
    Wed Sep 7 20:15:43 2016 - uwsgi_response_write_body_do(): Broken pipe [core/writer.c line 419] during GET /ws/tasks?subscribe-broadcast (0.0.0.0)
    IOError: write error
    [pid: 1490|app: 0|req: 3/186] 0.0.0.0 () {48 vars in 950 bytes} [Wed Sep 7 20:13:10 2016] GET /ws/tasks?subscribe-broadcast => generated 835 bytes in 152300 msecs (HTTP/1.1 101) 4 headers in 185 bytes (0 switches on core 0)
    worker 25 killed successfully (pid: 1484)
    uWSGI worker 25 cheaped.
    worker 26 killed successfully (pid: 1486)
    uWSGI worker 26 cheaped.
    worker 27 killed successfully (pid: 1488)
    uWSGI worker 27 cheaped.
    worker 28 killed successfully (pid: 1490)
    uWSGI worker 28 cheaped.
    worker 29 killed successfully (pid: 1492)
    uWSGI worker 29 cheaped.
    worker 1 killed successfully (pid: 1514)
    uWSGI worker 1 cheaped.
    worker 2 killed successfully (pid: 1516)
    uWSGI worker 2 cheaped.
    worker 3 killed successfully (pid: 1518)
    uWSGI worker 3 cheaped.
    worker 5 killed successfully (pid: 1522)
    uWSGI worker 5 cheaped.
    Respawned uWSGI worker 1 (new pid: 1555)
    Respawned uWSGI worker 2 (new pid: 1557)

nabeelz6 commented 7 years ago

Any word on this!?

biggiesmallsAG commented 7 years ago

Hi Nabeel,

No issues with the websocket.log; the worker spawning/kills are associated with connections made to the websocket loop. If a new request is made to the websocket endpoint and uWSGI is already serving sockets, it will automatically spawn new handlers to deal with the load.

Nabeel, what VM architecture are you using? VMware/VBox/Parallels? Also, can you send me all the logs in the /opt/nighthawk/var/log directory? Zip them and send them to my email for review.

Also are you trying version 1.0.3?

Regards,

Daniel.

nabeelz6 commented 7 years ago

Hi Daniel,

I'm using version 1.0.3 on VMware. Sure, I can email you the zip of the logs soon. Thanks!

kaktis commented 7 years ago

Daniel, I am also having this exact issue, where it freezes until the web page breaks and the logs start outputting messages about attempts to write to broken pipes. Was there a fix action associated with this issue? Thank you in advance for your time.

biggiesmallsAG commented 7 years ago

Kaktis,

Are you on v1.0.3? The problem, I'm pretty sure, was to do with a regex that wasn't capturing the endpoint name from the URL correctly. I managed to reproduce this in v1.0.3 and pushed a fix up.

If you remote into the VM, can you paste me what the urls.py looks like from the nighthawk django directory.

Dan
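The following is an added illustration of the class of bug Dan describes above, a URL-route regex that captures the endpoint (hostname) segment too narrowly. It is not nightHawkResponse's code and the route layout, pattern text and hostnames are assumptions made for the example; the project's actual urls.py fix is not on this page. It uses only Python's `re` so it runs without Django, but the patterns are in Django's named-group style.

```python
import re

# Constructed sample paths in the shape of a Django-style route. The route
# layout and the endpoint names are assumptions for this illustration, not
# nightHawkResponse's real URL scheme.
SAMPLE_PATHS = [
    "endpoint/WORKSTATION01/w32tasks",             # plain hostname
    "endpoint/WIN-DC01/w32services",               # hyphen, common in NetBIOS names
    "endpoint/laptop.corp.example/w32processes",   # FQDN with dots
]

# Too-narrow pattern (hypothetical): \w matches only letters, digits and
# underscore, so a hostname containing '-' or '.' never matches and the
# view behind the route is never reached.
STRICT_PATTERN = re.compile(r"^endpoint/(?P<endpoint>\w+)/(?P<audit>\w+)/?$")

# Corrected pattern (hypothetical): anything up to the next slash is the
# endpoint name. Slashes are still excluded from the group, so one path
# segment stays one segment and the audit name cannot bleed into it.
FIXED_PATTERN = re.compile(r"^endpoint/(?P<endpoint>[^/]+)/(?P<audit>\w+)/?$")


def match_endpoint(pattern, path):
    """Return (endpoint, audit) captured from path, or None if the route does not match."""
    m = pattern.match(path)
    if m is None:
        return None
    return m.group("endpoint"), m.group("audit")


def route_table(pattern, paths=SAMPLE_PATHS):
    """Map each path to its captures so the two patterns can be compared side by side."""
    return {p: match_endpoint(pattern, p) for p in paths}


def unmatched(pattern, paths=SAMPLE_PATHS):
    """Paths that would fall through the route (a 404 to the front end) under this pattern."""
    return [p for p in paths if match_endpoint(pattern, p) is None]


if __name__ == "__main__":
    for name, pat in (("strict", STRICT_PATTERN), ("fixed", FIXED_PATTERN)):
        print(name)
        for path, captured in route_table(pat).items():
            print("  %-45s -> %s" % (path, captured))
```

Running the block prints the captures for both patterns; the strict one returns None for the hyphenated and dotted hostnames, the fixed one captures all three. When checking a real deployment, the equivalent of this comparison is the network tab Dan asked for earlier in the thread: a request for an audit that comes back 404 (or never completes) while the tree loads fine points at the route, not at the websocket workers.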