spender-sandbox / cuckoo-modified

Modified edition of cuckoo

Failed to run the reporting module "ElasticsearchDB" #417

Open Dhatheway opened 7 years ago

Dhatheway commented 7 years ago

I have been running into the following issue after all the analysis has been completed with no errors. I can also see the reports created in storage/analyses/3/reports. Elasticsearch is up as curl -XGET 'localhost:9200/?pretty' brings back results.

2017-02-21 20:40:17,225 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTMLSummary"
2017-02-21 20:40:17,895 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportPDF"
2017-02-21 20:40:19,279 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ElasticsearchDB"
2017-02-21 20:40:19,940 [elasticsearch] WARNING: PUT http://127.0.0.1:9200/cuckoo-2017-02-21/analysis/3 [status:400 request:0.090s]
2017-02-21 20:40:19,942 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticsearchDB":
Traceback (most recent call last):
  File "/var/opt/cuckoo/lib/cuckoo/core/plugins.py", line 631, in process
    current.run(self.results)
  File "/var/opt/cuckoo/modules/reporting/elasticsearchdb.py", line 143, in run
    self.es.index(index=self.index_name, doc_type="analysis", id=results["info"]["id"], body=report)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 73, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/__init__.py", line 300, in index
    _make_path(index, doc_type, id), params=params, body=body)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 318, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 128, in perform_request
    self._raise_error(response.status, raw_data)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 122, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
RequestError: TransportError(400, u'illegal_argument_exception', u'[ZHei78w][127.0.0.1:9300][indices:data/write/index[p]]')
2017-02-21 20:40:19,945 [lib.cuckoo.core.scheduler] INFO: Task #3: reports generation completed (path=/var/opt/cuckoo/storage/analyses/3)
2017-02-21 20:40:20,021 [lib.cuckoo.core.scheduler] INFO: Task #3: analysis procedure completed

Dhatheway commented 7 years ago

Setting to debug (in elasticsearchdb.py), I found the following:

2017-02-21 21:29:58,483 [elasticsearch] DEBUG: < {"error":{"root_cause":[{"type":"remote_transport_exception","reason":"[ZHei78w][127.0.0.1:9300][indices:data/write/index[p]]"}],"type":"illegal_argument_exception","reason":"Limit of total fields [1000] in index [cuckoo-2017-02-21] has been exceeded"},"status":400}

seanthegeek commented 7 years ago

I've run into similar problems.

CC: @KillerInstinct
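
Added example, not part of the thread or of the project's code: a pre-flight check that counts the distinct field paths a report dict would add to an index and compares the total against the limit of 1000 quoted in the debug output above. The function names and the sample report are hypothetical, and the count only approximates what Elasticsearch's dynamic mapping will tally.

```python
ES_FIELD_LIMIT = 1000  # the "Limit of total fields [1000]" from the error above


def field_paths(node, prefix=""):
    """Return the set of dotted field paths a JSON-like value would map to.

    Objects count as fields themselves; arrays are transparent, so a list of
    dicts contributes the union of its members' keys under a single path.
    """
    paths = set()
    if isinstance(node, dict):
        for key, value in node.items():
            path = prefix + "." + key if prefix else key
            paths.add(path)
            paths |= field_paths(value, path)
    elif isinstance(node, list):
        for item in node:
            paths |= field_paths(item, prefix)
    return paths


def check_report(report, limit=ES_FIELD_LIMIT):
    """Return (field_count, exceeds_limit, per-section counts, largest first)."""
    paths = field_paths(report)
    by_section = {}
    for path in paths:
        top = path.split(".", 1)[0]
        by_section[top] = by_section.get(top, 0) + 1
    ranked = sorted(by_section.items(), key=lambda kv: (-kv[1], kv[0]))
    return len(paths), len(paths) > limit, ranked


def build_sample_report(n_keys):
    """Constructed sample (not real Cuckoo output): one section whose keys
    are derived from data, which is what makes a mapping grow without bound."""
    return {
        "info": {"id": 3, "category": "file"},
        "behavior": {"summary": {"key_%d" % i: i for i in range(n_keys)}},
    }


if __name__ == "__main__":
    count, over, ranked = check_report(build_sample_report(1200))
    print("fields: %d, exceeds limit of %d: %s" % (count, ES_FIELD_LIMIT, over))
    for section, n in ranked:
        print("  %-10s %d" % (section, n))
```

The per-section ranking shows which part of the report contributes most of the fields, which is where trimming the document before indexing would have the most effect.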