sandialabs / scot

Sandia Cyber Omni Tracker (SCOT)
http://getscot.sandia.gov

SCOT Alert API error. Can't POST JSON data #29

Closed dcode closed 8 years ago

dcode commented 8 years ago

I'm trying to use the alert API because I'd like to forward Bro alert data to SCOT. It comes down to using curl, but I have been unsuccessful in getting it to complete against my local vm. So, I decided to try to go against the demo site and got the same error.

It seems there's maybe a mismatch in the version of the perl module Log::Log4perl::Logger? There's a missing history method.

Here's the full error (I've formatted the JSON to be easier to read):

$ curl -k -g -X POST -m60 -d '{
>   "subject": "bad things happened",
>   "sources": ["bro"],
>   "data": {
>     "msg": "bad things happened",
>     "note": "SCOT::JSON_Alert",
>     "dropped": "F",
>     "ts": "2016-01-17T10:04:12.465551Z",
>     "actions": [
>       "SCOT::ACTION_LOG",
>       "Notice::ACTION_LOG"
>     ],
>     "sub": "https://192.168.168.5/discover?q=Cfjwiwelskdjfie8123",
>     "peer_descr": "bro",
>     "suppress_for": 3600.0
>   }
> }' "https://admin:admin@52.12.122.162/scot/alertgroup"
The application raised the following error:

  Can't locate object method "history" via package "Log::Log4perl::Logger" at inline template fd403ab55a4c875e35b42428816134c7 line 311.
306:             %= $kv->(Time => scalar localtime(time))
307:           </table>
308:         </div>
309:         <div class="tap">tap for more</div>
310:       </div>
311:       % if (@{app->log->history}) {
312:         <div id="log" class="box infobox spaced">
313:           <table>
314:             % for my $msg (@{app->log->history}) {
315:               <tr>
316:                 <td class="striped value wide">

and the StackTrace middleware couldn't catch its stack trace, possibly because your application overrides $SIG{__DIE__} by itself, preventing the middleware from working correctly. Remove the offending code or module that does it: known examples are CGI::Carp and Carp::Always.

toddbruner commented 8 years ago

@dcode. The history thing is a red herring introduced by the Mojolicious package. To see the real error you'll want to look in the logs (/opt/sandia/webabbs/scot/log). Thanks for posting the curl command, I'll try to duplicate it tomorrow and will post a follow-up.

toddbruner commented 8 years ago

Sorry for the long delay, but I found the problem. You are missing a [ ] around the data in the data field.

In other words, data should look like:

data: [ { stuff: "value" } ],
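
The fix above (data must be a list of alert objects, not a single object) is easy to get wrong again, and the server-side "history" error gives no hint about it. The following Python client is an added example, not code from the sandialabs/scot project: it builds the alertgroup body with data as a list, validates the body shape before sending so the mistake from this thread is caught on the client, and prepares the POST to /scot/alertgroup with the same Basic auth that curl derives from admin:admin@host in the URL. The endpoint path and the subject/sources/data fields come from the curl command above; the Bro notice values are constructed sample data, and the host name is a placeholder. It is assumed the server accepts an explicit Basic Authorization header on this path, which is what curl sends for credentials embedded in the URL.

```python
"""Build, validate and prepare a SCOT alertgroup POST (added example).

Not part of the sandialabs/scot project. Encodes the fix from this issue:
"data" must be a list of objects, e.g. [ { ... } ], not a bare object.
"""
import base64
import json
import urllib.request

# Constructed sample Bro notice, modelled on the one posted in the issue.
BRO_NOTICE = {
    "msg": "bad things happened",
    "note": "SCOT::JSON_Alert",
    "dropped": "F",
    "ts": "2016-01-17T10:04:12.465551Z",
    "actions": ["SCOT::ACTION_LOG", "Notice::ACTION_LOG"],
    "sub": "https://192.168.168.5/discover?q=Cfjwiwelskdjfie8123",
    "peer_descr": "bro",
    "suppress_for": 3600.0,
}


def build_alertgroup(subject, sources, notices):
    """Return an alertgroup body; each notice becomes one element of "data"."""
    return {
        "subject": subject,
        "sources": list(sources),
        "data": [dict(n) for n in notices],  # the fix: a list, one object per alert
    }


def validate_alertgroup(body):
    """Return a list of problems with the body; an empty list means well-formed.

    Catches the bare-object mistake before the request leaves the client,
    since the server's template error is a red herring and the real cause
    only appears in the server log.
    """
    problems = []
    for key in ("subject", "sources", "data"):
        if key not in body:
            problems.append(f"missing field: {key}")
    if "sources" in body and not isinstance(body["sources"], list):
        problems.append('"sources" must be a list')
    data = body.get("data")
    if "data" in body and not isinstance(data, list):
        problems.append('"data" must be a list of objects, e.g. [{...}]')
    elif isinstance(data, list):
        for i, item in enumerate(data):
            if not isinstance(item, dict):
                problems.append(f'"data"[{i}] must be an object')
    return problems


def make_request(base_url, body, user, password):
    """Return an unsent urllib Request for POST <base_url>/scot/alertgroup.

    curl turns user:pass@host in the URL into an HTTP Basic Authorization
    header; the same header is set explicitly here (assumption: the server
    accepts Basic auth on this path).
    """
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/scot/alertgroup",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Basic " + token,
        },
    )


if __name__ == "__main__":
    # The shape from the original curl command: "data" is a bare object.
    broken = {"subject": "bad things happened", "sources": ["bro"], "data": BRO_NOTICE}
    print("original body:", validate_alertgroup(broken))
    # The corrected shape: "data" is a list with one object per alert.
    fixed = build_alertgroup("bad things happened", ["bro"], [BRO_NOTICE])
    print("fixed body:", validate_alertgroup(fixed) or "ok")
    req = make_request("https://scot.example.invalid", fixed, "admin", "admin")  # placeholder host
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it; omitted so the script runs offline.
```

Running the script reports the single problem with the original body, reports the corrected body as ok, and prints the prepared POST without sending it; drop the real host into make_request and call urlopen once the validator is clean.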

dcode commented 8 years ago

Oh sweet! Thanks. I didn't realize that was an array.
