Bug #140: Prewikka heartbeat problem - Prewikka - UNITY 360

Bug #140

Prewikka heartbeat problem

Added by about 18 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Yoann VANDOORSELAERE

Target version:

Start date:

Due date:

% Done:

Resolution:

fixed

Description

Hi,

When i try to enter in "Agent" link or in "Heartbeat" tab i recive the following "Unknow Generic Error":

Traceback (most recent call last):
  File "/usr/lib/python2.3/site-packages/prewikka/Core.py", line 306, in process
    getattr(view[[object"] view["handler]])()
  File "/usr/lib/python2.3/site-packages/prewikka/views/messagelisting.py", line 1213, in render
    self._setMessages(criteria)
  File "/usr/lib/python2.3/site-packages/prewikka/views/messagelisting.py", line 1170, in _setMessages
    message = self.env.idmef_db.getHeartbeat(ident)
  File "/usr/lib/python2.3/site-packages/prewikka/IDMEFDatabase.py", line 310, in getHeartbeat
    return Heartbeat(preludedb_get_heartbeat(self._db, ident))
[[PreludeDBError]]: Unknown generic error

System info:
Debian
Apache/2.0.55
mod_chroot/0.5
mod_python/3.1.3
Python/2.3.5
PHP/4.4.2-1
Cheetah 1.0

Using CGI configuration for apache.

History

#1 Updated by Yoann VANDOORSELAERE about 18 years ago

Status changed from New to Assigned

Could you please provide the version information concerning libprelude, libpreludedb and Prewikka ?

#2 Updated by about 18 years ago

Ok:

libprelude-0.9.7.2
libpreludedb-0.9.7
prewikka-0.9.3

If i delete all the heartbeat and alert records it works but its empty

#3 Updated by Yoann VANDOORSELAERE about 18 years ago

In order to do the step ahead, please upgrade to libpreludedb 0.9.7.1.

Once you are done, please edit your prewikka.conf configuration file, and under the [idmef_database] section, add the following setting:

log: /tmp/prewikka.log

Restart Prewikka and start watching the logfile.
Reproduce the problem, and get the last query available from the log before the issue arise. Copy it here.

#4 Updated by about 18 years ago

Hi,

0.000846s SELECT name, version from _format
0.005377s SELECT t0.analyzerid FROM Prelude_Heartbeat AS top_table LEFT JOIN Prelude_Analyzer AS t0 ON (t0._parent_type='H' AND t0._message_ident=top_table._ident AND t0._index = -1) GROUP BY 1
0.003533s SELECT DISTINCT(top_table._ident), t0.time, t0.gmtoff, t0.usec FROM Prelude_Heartbeat AS top_table LEFT JOIN Prelude_CreateTime AS t0 ON (t0._parent_type='H' AND t0._message_ident=top_table._ident) LEFT JOIN Prelude_Analyzer AS t1 ON (t1._parent_type='H' AND t1._message_ident=top_table._ident AND t1._index = -1) WHERE t1.analyzerid = '2518527016165437' ORDER BY 2 DESC LIMIT 1
0.000530s SELECT messageid, heartbeat_interval FROM Prelude_Heartbeat WHERE _ident = 1
0.001615s SELECT analyzerid, name, manufacturer, model, version, class, ostype, osversion FROM Prelude_Analyzer WHERE _parent_type = 'H' AND _message_ident = 1 AND _index != -1 ORDER BY _index ASC
0.001147s SELECT ident, category, location, name FROM Prelude_Node WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0
0.000910s SELECT ident, name, pid, path FROM Prelude_Process WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0
0.000904s SELECT arg FROM Prelude_ProcessArg WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0 AND _index != -1 ORDER BY _index ASC
0.000859s SELECT env FROM Prelude_ProcessEnv WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0 AND _index != -1 ORDER BY _index ASC
0.000519s SELECT time, gmtoff, usec FROM Prelude_CreateTime WHERE _parent_type = 'H' AND _message_ident = 1

#5 Updated by Yoann VANDOORSELAERE about 18 years ago

Please start the database command line client, and manually run the query in order to get the error.

 mysql -u username -p database_name
 SELECT time, gmtoff, usec FROM Prelude_CreateTime WHERE _parent_type = 'H' AND _message_ident = 1;

Assuming it is always the same query that fail (please double check).

#6 Updated by about 18 years ago

Here is:

time    gmtoff    usec
2006-04-07 10:35:36 7200 682945

This queries return me empty query

SELECT arg FROM Prelude_ProcessArg WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0 AND _index != -1 ORDER BY _index ASC
SELECT env FROM Prelude_ProcessEnv WHERE _parent_type = 'H' AND _message_ident = 1 AND _parent0_index = 0 AND _index != -1 ORDER BY _index ASC

#7 Updated by Yoann VANDOORSELAERE about 18 years ago

It is okay for both query to return no value.

I'm affraid in the current state of things, I'll need you to add assertion in the libpreludedb classic plugin code in order to trace where the problem happen. You might want to join irc.freenode.net, #prelude - so I can provide you with instruction for debugging the issue.

#8 Updated by Yoann VANDOORSELAERE about 18 years ago

Status changed from Assigned to Closed
Resolution set to fixed

(In r8129) Upon connection to the database, set default date style to ISO (SET DATESTYLE TO 'ISO').
This is needed since libpreludedb assume ISO format to parse database timestamp.

Not doing this resulted in error when trying to read data from postgreSQL database
if the user used specific lc_time setting in postgresql.conf.

Fix #140.

#9 Updated by Yoann VANDOORSELAERE almost 15 years ago

Project changed from PRELUDE SIEM to Prewikka
Category deleted (5)
Target version deleted (~~0.9.8~~)

#10 Updated by Thomas GIRARD about 12 years ago

Target version deleted (~~0.9.8~~)

Also available in: Atom PDF

Project

General

Profile

Issues