Prelude-Correlator crash

Added by Nicolas D about 1 month ago

Hello,

I finished installing Prelude yesterday to test it on CentOS 7.

The three services (manager, lml and correlator) run well.

Today, I have:

Jul 19 14:11:58 inf-siem-01 systemd: Started Correlator of events received by Prelude.
Jul 19 14:11:58 inf-siem-01 prelude-correlator: 19 Jul 14:11:58 preludecorrelator.pluginmanager (pid:15667) INFO: [FirewallPlugin]: disabled on user request
Jul 19 14:11:58 inf-siem-01 prelude-correlator: 19 Jul 14:11:58 preludecorrelator.pluginmanager (pid:15667) INFO: [BusinessHourPlugin]: disabled on user request
Jul 19 14:11:58 inf-siem-01 prelude-correlator: Traceback (most recent call last):
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/sbin/prelude-correlator", line 11, in <module>
Jul 19 14:11:58 inf-siem-01 prelude-correlator: load_entry_point('prelude-correlator==4.1.1', 'console_scripts', 'prelude-correlator')()
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 286, in main
Jul 19 14:11:58 inf-siem-01 prelude-correlator: runCorrelator()
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 236, in runCorrelator
Jul 19 14:11:58 inf-siem-01 prelude-correlator: env = Env(options)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/main.py", line 60, in __init__
Jul 19 14:11:58 inf-siem-01 prelude-correlator: context.load(self.profile)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/context.py", line 364, in load
Jul 19 14:11:58 inf-siem-01 prelude-correlator: _CONTEXT_TABLE.update(ContextUnpickler(fd).load())
Jul 19 14:11:58 inf-siem-01 prelude-correlator: File "/usr/lib/python3.6/site-packages/preludecorrelator/context.py", line 108, in __setstate__
Jul 19 14:11:58 inf-siem-01 prelude-correlator: IDMEF.__setstate__(self, dict)
Jul 19 14:11:58 inf-siem-01 prelude-correlator: RuntimeError: Cannot allocate memory
Jul 19 14:11:58 inf-siem-01 systemd: prelude-correlator.service: main process exited, code=exited, status=1/FAILURE
Jul 19 14:11:58 inf-siem-01 systemd: Unit prelude-correlator.service entered failed state.
Jul 19 14:11:58 inf-siem-01 systemd: prelude-correlator.service failed.

Do you have any ideas, please?

Nico


Replies (2)

RE: Prelude-Correlator crash - Added by Antoine LUONG about 1 month ago

Hello,

What is the size of the /var/lib/prelude-correlator/prelude-correlator/context.dat file?

Regards

RE: Prelude-Correlator crash - Added by Nicolas D 25 days ago

Hello,

The size is:
rw-r--r-. 1 root root 443 28 juil. 11:39 context.dat

I succeed in starting Prelude when I comment out line 60:

#context.load(self.profile)

Regards
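
Added example, not part of the original thread or of Prelude's own code: the traceback shows `context.dat` being read through a pickle-based `ContextUnpickler`, so a copy of the file can be checked for truncation and for the classes it references without unpickling it. The names `inspect_pickle` and `make_sample` are hypothetical, and the sample data is constructed.

```python
import datetime
import io
import pickle
import pickletools
import sys

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def inspect_pickle(data):
    """Walk the opcode stream only; nothing is imported or instantiated."""
    report = {"globals": [], "opcodes": 0, "complete": False, "error": None}
    memo, recent, top = {}, [], None  # memo slots, strings pushed, stack top
    try:
        for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
            report["opcodes"] += 1
            if op.name == "GLOBAL":            # protocols 0-3: "module name"
                report["globals"].append(tuple(arg.split(" ", 1)))
                top = None
            elif op.name == "STACK_GLOBAL":    # protocol 4+: names on the stack
                if len(recent) >= 2:
                    report["globals"].append((recent[-2], recent[-1]))
                top = None
            elif op.name in STRING_OPS or op.name in GET_OPS:
                top = arg if op.name in STRING_OPS else memo.get(arg)
                if isinstance(top, str):
                    recent.append(top)
            elif op.name == "MEMOIZE":
                memo[len(memo)] = top
            elif op.name in PUT_OPS:
                memo[arg] = top
            else:
                top = None
                report["complete"] = report["complete"] or op.name == "STOP"
    except Exception as exc:                   # truncated or corrupt stream
        report["error"] = str(exc)
    return report


def make_sample(protocol):
    """Constructed stand-in for a state file (not a real context.dat)."""
    return pickle.dumps({"ctx": datetime.timedelta(seconds=60)}, protocol)


if __name__ == "__main__":
    # Pass a copy of the state file as argv[1]; default is the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample(4)
    print(inspect_pickle(raw))
```

A report with `complete` set to `False` or a non-empty `error` indicates a truncated or corrupt stream; the `globals` list shows which classes the unpickler would try to rebuild.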
