search

opc40772 / pfsense-graylog

Pfsense Logs Parsed by Graylog
GNU General Public License v3.0
82 stars 117 forks source link

Apply Content Failure #6

Closed r4yfx closed 5 years ago

r4yfx commented 5 years ago

I have a graylog cluster setup, and receiving the following error in the logs;

2018-09-26T14:08:30.076+01:00 INFO [InputStateListener] Input [Syslog UDP/5a982448687cf8128c10ce6e] is now STOPPING 2018-09-26T14:08:30.077+01:00 INFO [InputStateListener] Input [Syslog UDP/5a982448687cf8128c10ce6e] is now STOPPED 2018-09-26T14:08:30.077+01:00 INFO [InputStateListener] Input [Syslog UDP/5a982448687cf8128c10ce6e] is now TERMINATED 2018-09-26T14:08:30.078+01:00 INFO [InputStateListener] Input [Syslog UDP/5a982448687cf8128c10ce6e] is now STARTING 2018-09-26T14:08:30.115+01:00 INFO [connection] Opened connection [connectionId{localValue:19, serverValue:5956}] to syslog01:27017 2018-09-26T14:08:30.118+01:00 ERROR [BundleImporter] Error while creating entities in content pack. Starting rollback. java.lang.IllegalStateException: Configured lookup table doesn't exist at org.graylog2.inputs.extractors.LookupTableExtractor.(LookupTableExtractor.java:62) ~[graylog.jar:?] at org.graylog2.inputs.extractors.ExtractorFactory.factory(ExtractorFactory.java:72) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.addExtractor(BundleImporter.java:435) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.addExtractors(BundleImporter.java:422) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.createMessageInput(BundleImporter.java:400) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.createInputs(BundleImporter.java:356) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.runImport(BundleImporter.java:187) [graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:112) [graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:105) [graylog.jar:?] at org.graylog2.rest.resources.system.bundles.BundleResource.applyBundle(BundleResource.java:184) [graylog.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?] at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?] at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] 2018-09-26T14:08:30.118+01:00 ERROR [BundleImporter] Error while removing grok patterns during rollback. java.lang.IllegalArgumentException: invalid hexadecimal representation of an ObjectId: [PFSENSE_LOG_DATA] at org.bson.types.ObjectId.parseHexString(ObjectId.java:549) ~[graylog.jar:?] at org.bson.types.ObjectId.(ObjectId.java:239) ~[graylog.jar:?] at org.graylog2.grok.MongoDbGrokPatternService.load(MongoDbGrokPatternService.java:61) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.deleteCreatedGrokPatterns(BundleImporter.java:267) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.rollback(BundleImporter.java:228) [graylog.jar:?] at org.graylog2.bundles.BundleImporter.runImport(BundleImporter.java:197) [graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:112) [graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:105) [graylog.jar:?] at org.graylog2.rest.resources.system.bundles.BundleResource.applyBundle(BundleResource.java:184) [graylog.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?] at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?] at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] 2018-09-26T14:08:30.119+01:00 ERROR [BundleImporter] Rollback unsuccessful. 2018-09-26T14:08:30.119+01:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource java.lang.RuntimeException: java.lang.IllegalStateException: Configured lookup table doesn't exist at org.graylog2.bundles.BundleImporter.runImport(BundleImporter.java:200) ~[graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:112) ~[graylog.jar:?] at org.graylog2.bundles.BundleService.applyConfigurationBundle(BundleService.java:105) ~[graylog.jar:?] at org.graylog2.rest.resources.system.bundles.BundleResource.applyBundle(BundleResource.java:184) ~[graylog.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) ~[graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) ~[graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) ~[graylog.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$VoidOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:143) ~[graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) ~[graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) ~[graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) ~[graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) ~[graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?] at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?] at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] Caused by: java.lang.IllegalStateException: Configured lookup table doesn't exist at org.graylog2.inputs.extractors.LookupTableExtractor.(LookupTableExtractor.java:62) ~[graylog.jar:?] at org.graylog2.inputs.extractors.ExtractorFactory.factory(ExtractorFactory.java:72) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.addExtractor(BundleImporter.java:435) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.addExtractors(BundleImporter.java:422) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.createMessageInput(BundleImporter.java:400) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.createInputs(BundleImporter.java:356) ~[graylog.jar:?] at org.graylog2.bundles.BundleImporter.runImport(BundleImporter.java:187) ~[graylog.jar:?] ... 30 more 2018-09-26T14:08:30.131+01:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=Pfsense-Logs, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=20c96645-7700-48ea-9ede-f828c812397b} should be 262144 but is 212992. 2018-09-26T14:08:30.130+01:00 INFO [connection] Opened connection [connectionId{localValue:18, serverValue:5955}] to syslog01:27017 2018-09-26T14:08:30.133+01:00 INFO [InputStateListener] Input [Syslog UDP/5a982448687cf8128c10ce6e] is now RUNNING

From what I can tell it is complaining about the service ports, but the csv file is in the specified location

r4yfx commented 5 years ago

Fixed, although graylog suggested it applied the previous content, it didn't