pwnlandia / mhn

Modern Honey Network
GNU Lesser General Public License v2.1

geoloc, hpfeeds-logger-jason/splunk FATAL #660

Open xmlx opened 5 years ago

xmlx commented 5 years ago

Hi, I got the above problem recently. I tried restarting all the services, but it keeps crashing after a few seconds. I'm sorry if this problem has been posted before. Any help would be great. The "hpfeeds-logger-splunk.err", "hpfeeds-logger-json.err" and "geoloc.err" logs read as follows.

Traceback (most recent call last):
  File "/opt/hpfeeds-logger/local/lib/python2.7/site-packages/hpfeeds.py", line 1
    self.s.connect((addr, self.port))
  File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 111] Connection refused
2019-05-14 09:22:08,047 - logger - INFO - connected to @hp2
2019-05-14 09:22:08,050 - logger - ERROR - Error message from server: authfail.
2019-05-14 09:22:08,050 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,051 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,051 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,052 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,052 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,053 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,053 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,054 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,054 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,054 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,055 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,055 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,055 - logger - ERROR - Error message from server: identfail.
2019-05-14 09:22:08,056 - logger - ERROR - Error message from server: identfail.

xmlx commented 5 years ago

anyone?

d1str0 commented 5 years ago

Is hpfeeds-broker running?

xmlx commented 5 years ago

yes, hpfeeds-broker running fine

xmlx commented 5 years ago

image

d1str0 commented 5 years ago

Did you install json and splunk logger using the main installation script on base install? Has it ever worked or did it only recently break?

identfail makes it sound like mongodb doesn't have matching credentials for the loggers.

Check your /opt/hpfeeds-logger/splunk.json and json.json file for their credentials. Make sure the secret matches what is in Mongodb.

To check mongodb, open up the console with mongo, then run the following:

> use hpfeeds
> db.auth_key.find()

Or to specifically search for a single identity, use

> db.auth_key.find({'identifier':'some-guid'})
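The comparison described in the comment above, as an added example (not part of the thread and not MHN's own code): it checks a logger config against exported auth_key documents without ever printing a secret. The config key names `ident`, `secret` and `channels` are assumptions about splunk.json, and all sample identifiers and secrets are constructed.

```python
import hmac
import json

# Constructed sample data: every identifier and secret below is made up.
# The key names "ident", "secret" and "channels" are assumed for splunk.json.
SAMPLE_LOGGER_CONFIG = json.loads("""
{"host": "localhost", "port": 10000, "ident": "example-logger",
 "secret": "constructed-secret-A", "channels": ["amun.events", "snort.alerts"]}
""")

# Documents with the fields db.auth_key.find() returns in the hpfeeds database.
SAMPLE_AUTH_KEYS = [
    {"identifier": "collector", "secret": "constructed-secret-B",
     "subscribe": ["amun.events", "snort.alerts"], "publish": []},
    {"identifier": "example-logger", "secret": "constructed-secret-C",
     "subscribe": ["amun.events"], "publish": []},
]


def check_logger_credentials(config, auth_keys):
    """Return a list of findings; an empty list means config and broker agree.

    Secrets are compared but never copied into the findings, so the result
    can be pasted into an issue without leaking them.
    """
    ident = config.get("ident", "")
    matches = [d for d in auth_keys if d.get("identifier") == ident]
    if not matches:
        known = sorted(d.get("identifier", "") for d in auth_keys)
        return ["identifier %r not in auth_key (known: %s)" % (ident, ", ".join(known))]
    if len(matches) > 1:
        return ["identifier %r appears %d times in auth_key" % (ident, len(matches))]
    doc = matches[0]
    findings = []
    # Constant-time comparison; only the verdict is reported.
    same = hmac.compare_digest(config.get("secret", "").encode(),
                               doc.get("secret", "").encode())
    if not same:
        findings.append("secret for %r differs between config and auth_key" % ident)
    # The logger can only read channels listed in its own subscribe array.
    missing = sorted(set(config.get("channels", [])) - set(doc.get("subscribe", [])))
    if missing:
        findings.append("channels not in subscribe list: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for line in check_logger_credentials(SAMPLE_LOGGER_CONFIG, SAMPLE_AUTH_KEYS):
        print(line)
```

The check matches on the identifier first, so a secret copied from a different identifier's document is reported as a mismatch or an unknown identifier rather than passing.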

4n6strider commented 4 years ago

Hi, same issue. In fact, I had different secrets in the mongo and splunk.json. Put the one from mongo to splunk.json, did not resolve the issue. Also, there is no json.json file in the mhn files at my deployment. This is the output of the *key.find() (placed the "x" to not share too much):

> db.auth_key.find()
{ "_id" : ObjectId("xxx0f783d9f6a627417xxxx"), "identifier" : "collector", "subscribe" : [ "amun.events", "beeswarm.hive", "conpot.events", "dionaea.capture", "dionaea.connections", "elastichoney.events", "glastopf.events", "kippo.sessions", "p0f.events", "shockpot.events", "snort.alerts", "suricata.events", "wordpot.events" ], "secret" : "483d4ffb80cc48129847e038922xxxxx", "publish" : [ ] }