Prelude-Correlator crash
Added by Nicolas D about 5 years ago
Hello,
I finished installing Prelude yesterday to test it on CentOS 7.
The three services (manager, lml and correlator) run well.
Today, I have:
Jul 19 14:11:58 inf-siem-01 systemd: Started Correlator of events received by Prelude.
Jul 19 14:11:58 inf-siem-01 prelude-correlator: 19 Jul 14:11:58 preludecorrelator.pluginmanager (pid:15667) INFO: [FirewallPlugin]: disabled on user request
Jul 19 14:11:58 inf-siem-01 prelude-correlator: 19 Jul 14:11:58 preludecorrelator.pluginmanager (pid:15667) INFO: [BusinessHourPlugin]: disabled on user request
Jul 19 14:11:58 inf-siem-01 prelude-correlator: Traceback (most recent call last):
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/sbin/prelude-correlator", line 11, in <module>
Jul 19 14:11:58 inf-siem-01 prelude-correlator: load_entry_point('prelude-correlator==4.1.1', 'console_scripts', 'prelude-correlator')()
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 286, in main
Jul 19 14:11:58 inf-siem-01 prelude-correlator: runCorrelator()
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 236, in runCorrelator
Jul 19 14:11:58 inf-siem-01 prelude-correlator: env = Env(options)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 60, in __init__
Jul 19 14:11:58 inf-siem-01 prelude-correlator: context.load(self.profile)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/context.py", line 364, in load
Jul 19 14:11:58 inf-siem-01 prelude-correlator: _CONTEXT_TABLE.update(ContextUnpickler(fd).load())
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/context.py", line 108, in __setstate__
Jul 19 14:11:58 inf-siem-01 prelude-correlator: IDMEF.__setstate__(self, dict)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: RuntimeError: Cannot allocate memory
Jul 19 14:11:58 inf-siem-01 systemd: prelude-correlator.service: main process exited, code=exited, status=1/FAILURE
Jul 19 14:11:58 inf-siem-01 systemd: Unit prelude-correlator.service entered failed state.
Jul 19 14:11:58 inf-siem-01 systemd: prelude-correlator.service failed.
Do you have any ideas, please?
Nico
Replies (2)
RE: Prelude-Correlator crash - Added by Antoine LUONG about 5 years ago
Hello,
What is the size of the /var/lib/prelude-correlator/prelude-correlator/context.dat file?
Regards
RE: Prelude-Correlator crash - Added by Nicolas D about 5 years ago
Hello,
The size is: rw-r--r-. 1 root root 443 28 juil. 11:39 context.dat
I succeeded in starting Prelude when I commented out line 60:
#context.load(self.profile)
Regards