Project

General

Profile

Bug #404

Prelude-correlator failed on force-reload

Added by mukhris harun almost 13 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Thomas ANDREJAK
Target version:
-
Start date:
07/17/2011
Due date:
% Done:

0%

Resolution:

Description

Hi and good day,

I've been struggling on this issue for months now. Prelude-correlator failed to start after running "/etc/init.d/prelude-correlator force-reload", although I can see all the correlated alerts in Prewikka.

Here's the output:

prelude_mgr:~# /etc/init.d/prelude-correlator force-reload
Restarting prelude-correlator: prelude-correlator17 Jul 16:09:20 prelude-correlator (process:3657) INFO: [FirewallPlugin]: disabled on user request
17 Jul 16:09:20 prelude-correlator (process:3657) WARNING: SpamhausDropPlugin = PreludeCorrelator.plugins.spamhausdrop:SpamhausDropPlugin: No module named netaddr
17 Jul 16:09:20 prelude-correlator (process:3657) INFO: [BusinessHourPlugin]: disabled on user request
17 Jul 16:09:20 prelude-correlator (process:3657) INFO: 7 plugin have been loaded.
failed!

prelude_mgr:~# prelude-correlator --debug=9
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: [FirewallPlugin]: disabled on user request
17 Jul 17:02:23 prelude-correlator (process:3706) WARNING: SpamhausDropPlugin = PreludeCorrelator.plugins.spamhausdrop:SpamhausDropPlugin: No module named netaddr
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: [BusinessHourPlugin]: disabled on user request
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: 7 plugin have been loaded.
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: Connecting to 127.0.0.1:4690 prelude Manager server.
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: TLS authentication succeed with Prelude Manager.
17 Jul 17:02:23 prelude-correlator (process:3706) INFO: Flushing 4 message to any (0 erased due to quota)...
17 Jul 17:02:23 prelude-correlator (process:3706) WARNING: Failover recovery: 4/4 messages flushed (275919 bytes).

I'm wondering about the status of the output below. What does it mean by half-configured? For your information, I just upgraded the prelude-manager to version 1.0.0. I noticed that the "Config-Version: 0.9.0~beta8-2". Is this the cause of the problem?

prelude_mgr:~# dpkg -s prelude-correlator
Package: prelude-correlator
Status: install ok half-configured
Priority: extra
Section: admin
Installed-Size: 808
Maintainer: Pierre Chifflier <>
Architecture: all
Version: 1.0.0-1
Config-Version: 0.9.0~beta8-2
Depends: python (>= 2.5), python-support (>= 0.90.0), python-prelude (>= 0.9.23), python-pkg-resources (>= 0.6c8-4), adduser
Conffiles:
/etc/prelude-correlator/prelude-correlator.conf 548fbb9d151d7fe62bb75ca17b0b38a5
/etc/init.d/prelude-correlator e54b5e482b266fc36b9a833b01a9d2e7
/etc/default/prelude-correlator 0c65fd8ff27a6c2895daca1c2bd6d56a

I am running:
libprelude2 1.0.0-1
libpreludedb0 0.9.15.3-1
prelude-correlator 1.0.0-1
prelude-manager 1.0.0-1
prelude-lml 1.0.0-1+b1
prewikka 0.9.17.1-1
prelude-manager 1.0.0-1

Thanks in advance.

History

#1 Updated by Jean-Charles ROGEZ almost 12 years ago

  • Project changed from PRELUDE SIEM to Prelude Correlator

#2 Updated by Thomas ANDREJAK almost 8 years ago

  • Status changed from New to Closed
  • Assignee set to Thomas ANDREJAK

No activity

Also available in: Atom PDF