Open jbertman opened 8 years ago
Same problem here. Also the API does not seem to work for me, @jbertman can you confirm that you're having this problem too?
I've actually had to switch back to mongodb due to a vague parsing error that occurs with some samples when ES tries to create an index :\
@GeoffreyVDB The API appears to be working for me without issue. Do you think it's related to this issue? @seanthegeek I'm thinking of switching back as well, seems that we're not quite there with ES.
I originally ported over the code for ES support from Drainware's implementation. However, I only had it set up for the time I was porting the code over.
I think that this error is due to some cleanup code, as well as merging from a repo which didn't use ES: https://github.com/spender-sandbox/cuckoo-modified/commit/b4224f91fb7ace6ddd6c1d73cd3fb14f1c7a775a
Not sure if there's any interest in someone finishing up porting it over, but I haven't used the ES stuff in a while and it would take me some time (busy with other things) to be able to set up another rig with an ES backend.
Our implementation was limited to the reporting module; it seems these errors are related to the webapp. @KillerInstinct has all the credit for webapp support (we just tried to give him basic support).
As @KillerInstinct said, after merging some code that was only tested in mongo, it is possible to get issues related to ES mapping.
Personally I think ES is much more powerful than mongo; however, while the committers are stuck in mongo, it will be hard to maintain ES support.
The ES query changed a lot between 1.4 and 2.0, but I think it didn't affect the current implementation.
Both the VT (antivirus) and suri* modules seem to only support MongoDB without checks. When using an ES backend, I get the above alert when trying to access the VT or surialert modules (default) on arbitrary reports.
All suri* modules (including shrike) as well as the antivirus modules do the following: Antivirus module (web/analysis/views.py) - line 622: