search

robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
Other
2.49k stars 598 forks source link

DatabaseManager is not in classpath #696

Closed IpslWon closed 3 years ago

IpslWon commented 3 years ago

Using the install instructions running elastic version 7.11 and see the following error:

[2021-03-03T15:33:09,297][INFO ][logstash.outputs.elasticsearch][elastiflow] Installing elasticsearch template to _template/elastiflow-4.0.1
[2021-03-03T15:33:09,462][INFO ][logstash.filters.geoip   ][elastiflow] DatabaseManager is not in classpath {:version=>"7.11.1", :exception=>#<LoadError: no such file to load -- /usr/share/logstash/x-pack/lib/filters/geoip/database_manager>}
[2021-03-03T15:33:09,464][INFO ][logstash.filters.geoip   ][elastiflow] Using geoip database {:path=>"/etc/logstash/elastiflow/geoipdbs/GeoLite2-ASN.mmdb"}
[2021-03-03T15:33:09,475][INFO ][logstash.filters.geoip   ][elastiflow] DatabaseManager is not in classpath {:version=>"7.11.1", :exception=>#<LoadError: no such file to load -- /usr/share/logstash/x-pack/lib/filters/geoip/database_manager>}
[2021-03-03T15:33:09,476][INFO ][logstash.filters.geoip   ][elastiflow] Using geoip database {:path=>"/etc/logstash/elastiflow/geoipdbs/GeoLite2-City.mmdb"}
:/usr/share/logstash/x-pack/lib# ls -l
total 28
drwxrwxr-x 2 logstash logstash 4096 Feb 24 18:10 config_management
drwxrwxr-x 2 logstash logstash 4096 Feb 24 18:10 helpers
drwxrwxr-x 2 logstash logstash 4096 Feb 24 18:10 license_checker
drwxrwxr-x 2 logstash logstash 4096 Feb 24 18:10 modules
drwxrwxr-x 4 logstash logstash 4096 Feb 24 18:10 monitoring
-rw-r--r-- 1 logstash logstash 1871 Feb 15 04:34 template.cfg.erb
drwxrwxr-x 2 logstash logstash 4096 Feb 24 18:10 x-pack

I have netflow configured and I have it working with the regular filebeat netflow plugin.

IvoGoman commented 3 years ago

I am seeing this message as well which seems to be related to the recent update of the GeoIP plugin to version 7.0.0 see changelog

Changed the plugin to use EULA GeoIP2 Database with auto-update #176 Available in Logstash 7.13+ Elastic license

There are now two ways of loading the GeoIP DB and the "online" mode which requires the DatabaseManager, which is not available prior to Logstash 7.13. In this case the "offline" mode will be used by default.

While it is an error tex the message is logged with INFO level. I found this comment on the PR for the change, which states that the error should be logged on info level for older logstash versions.

So it seems the message looks worse than it actually is. Maybe a more specific error message would have been more helpful in this case.

robcowart commented 3 years ago

Thanks for the explanation @IvoGoman