
sweetsecurity's People

Contributors

ronaldstoner, travisfsmith

sweetsecurity's Issues

filecheck.io

Is this site still a thing? I went ahead and clicked yes to connect to https://filechck.io and it never comes up. I feel like I'm doing something wrong.

No matching indices found: No indices match pattern "logstash-*"

Not sure where the issue is. I tried some of the fixes recommended before but they don't seem to help me.

sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t output provides

pi@raspberrypi:~ $ sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t
io/console on JRuby shells out to stty for most operations
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
17:00:01.029 [main] INFO  logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
17:00:01.066 [main] INFO  logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
LoadError: Could not load FFI Provider: (NotImplementedError) FFI not available: java.lang.UnsatisfiedLinkError: /tmp/jffi5719152108522271658.so: /tmp/jffi5719152108522271658.so: cannot open shared object file: No such file or directory
java.lang.UnsatisfiedLinkError: /usr/share/logstash/vendor/jruby/lib/jni/arm-Linux/libjffi-1.2.so: /usr/share/logstash/vendor/jruby/lib/jni/arm-Linux/libjffi-1.2.so: cannot open shared object file: No such file or directory
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
	at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
	at org.jruby.ast.RootNode.interpret(RootNode.java:129)
	at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
	at org.jruby.Ruby.runInterpreter(Ruby.java:884)
	at org.jruby.Ruby.loadFile(Ruby.java:2837)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
	at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
	at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
	at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
	at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
	at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
	at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
	at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
	at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
	at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
	at org.jruby.ast.RootNode.interpret(RootNode.java:129)
	at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
	at org.jruby.Ruby.runInterpreter(Ruby.java:884)
	at org.jruby.Ruby.loadFile(Ruby.java:2837)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
	at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
	at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
	at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
	at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
	at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
	at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
	at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
	at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
	at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)
	at org.jruby.ast.RescueNode.interpret(RescueNode.java:116)
	at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.IfNode.interpret(IfNode.java:116)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
	at org.jruby.ast.IfNode.interpret(IfNode.java:118)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
	at org.jruby.ast.RootNode.interpret(RootNode.java:129)
	at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
	at org.jruby.Ruby.runInterpreter(Ruby.java:884)
	at org.jruby.Ruby.loadFile(Ruby.java:2837)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
	at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
	at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
	at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
	at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
	at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
	at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
	at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
	at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
	at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
	at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)
	at org.jruby.ast.RescueNode.interpret(RescueNode.java:116)
	at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.RootNode.interpret(RootNode.java:129)
	at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
	at org.jruby.Ruby.runInterpreter(Ruby.java:884)
	at org.jruby.Ruby.loadFile(Ruby.java:2837)
	at org.jruby.runtime.load.ExternalScript.load(ExternalScript.java:66)
	at org.jruby.runtime.load.LoadService.load(LoadService.java:358)
	at org.jruby.RubyKernel.loadCommon(RubyKernel.java:1067)
	at org.jruby.RubyKernel.load19(RubyKernel.java:1059)
	at org.jruby.RubyKernel$INVOKER$s$0$1$load19.call(RubyKernel$INVOKER$s$0$1$load19.gen)
	at org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:210)
	at org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:206)
	at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
	at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
	at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
	at org.jruby.ast.IfNode.interpret(IfNode.java:118)
	at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
	at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
	at org.jruby.ast.RootNode.interpret(RootNode.java:129)
	at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
	at org.jruby.Ruby.runInterpreter(Ruby.java:884)
	at org.jruby.Ruby.loadFile(Ruby.java:2837)
	at org.jruby.runtime.load.ExternalScript.load(ExternalScript.java:66)
	at org.jruby.runtime.load.LoadService.loadFromClassLoader(LoadService.java:384)
	at org.jruby.Ruby.initRubyKernel(Ruby.java:1790)
	at org.jruby.Ruby.init(Ruby.java:1269)
	at org.jruby.Ruby.newInstance(Ruby.java:334)
	at org.jruby.Main.internalRun(Main.java:256)
	at org.jruby.Main.run(Main.java:217)
	at org.jruby.Main.main(Main.java:197)

 See http://jira.codehaus.org/browse/JRUBY-4583
          require at org/jruby/RubyKernel.java:1040
          require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
           (root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi/ffi.rb:69
          require at org/jruby/RubyKernel.java:1040
          require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
           (root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
           (root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi.rb:1
           (root) at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:1
          require at org/jruby/RubyKernel.java:1040
          require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
             LibC at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:3
           (root) at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:2
           (root) at /usr/share/logstash/logstash-core/lib/logstash/util.rb:1
  set_thread_name at /usr/share/logstash/logstash-core/lib/logstash/util.rb:20
          execute at /usr/share/logstash/logstash-core/lib/logstash/runner.rb:246
           (root) at /usr/share/logstash/lib/bootstrap/environment.rb:71

Exception in nmap.py - single quote in macvendor string

This issue only affects people who have a MAC Vendor on their network with a single quote in their name (example: Microtech Int'l Corp.)

I was struggling to get Sweet Security to work and I traced it down to an issue in nmap.py. It was generating an exception because the vendor name for one of my devices has a single quote in the name. I was able to get it working by changing line 114 of nmap.py from macvendor to macvendor.replace("'", ""), which strips out the single quote from the vendor name. This isn't likely the best strategy, but it got things up and running for me.

Line 114 now looks like this:
query = "INSERT INTO hosts VALUES ('%s','%s','%s','%s','%s',0,1,'%s','%s')" % (hostname,hostname,str(ipaddress),macaddress,macvendor.replace("'", ""),datetime.now().strftime("%Y-%m-%d %H:%M:%S"),datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
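
The exception comes from pasting scan results into the SQL text, and hostnames and vendor strings seen on the network are untrusted input. As an added example (not the project's code), here is the same nine-value insert with bound parameters, assuming a sqlite3 database and hypothetical column names; the vendor string is the one from the issue.

```python
import sqlite3
from datetime import datetime

# Hypothetical column names: the issue shows only nine positional values.
SCHEMA = """CREATE TABLE hosts(
    hostname text, nickname text, ip4 text, mac text, vendor text,
    ignored integer, defended integer, first_seen text, last_seen text)"""


def insert_host_formatted(conn, hostname, ipaddress, macaddress, macvendor):
    """Pattern quoted in the issue: values are pasted into the SQL text."""
    now = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    query = ("INSERT INTO hosts VALUES "
             "('%s','%s','%s','%s','%s',0,1,'%s','%s')") % (
        hostname, hostname, str(ipaddress), macaddress, macvendor, now, now)
    conn.execute(query)


def insert_host_parameterized(conn, hostname, ipaddress, macaddress, macvendor):
    """Bound parameters: the driver passes values separately from the SQL."""
    now = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    conn.execute(
        "INSERT INTO hosts VALUES (?,?,?,?,?,0,1,?,?)",
        (hostname, hostname, str(ipaddress), macaddress, macvendor, now, now),
    )


def demo():
    """Run both inserts against an in-memory database with constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    vendor = "Microtech Int'l Corp."  # vendor name given in the issue
    host = ("printer", "192.168.1.20", "00:11:22:33:44:55")  # constructed

    try:
        insert_host_formatted(conn, host[0], host[1], host[2], vendor)
        formatted_error = None
    except sqlite3.OperationalError as exc:
        # The quote ends the string literal early and the parser rejects the rest.
        formatted_error = str(exc)

    insert_host_parameterized(conn, host[0], host[1], host[2], vendor)
    stored = conn.execute("SELECT vendor FROM hosts").fetchall()
    return formatted_error, stored


if __name__ == "__main__":
    error, rows = demo()
    print("formatted insert failed with:", error)
    print("parameterized insert stored:", rows)
```

Unlike the replace() workaround, the bound version keeps the vendor name unmodified and covers every field, including the hostname.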

No matching indices found: No indices match pattern "logstash-*"

results of sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t

ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
19:21:02.931 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
19:21:03.094 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
19:22:11.140 [LogStash::Runner] ERROR logstash.plugins.registry - Problems loading a plugin with {:type=>"output", :name=>"email", :path=>"logstash/outputs/email", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:226:in namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:162:in legacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:138:in lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:180:in lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:140:in lookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:100:in plugin'", "(eval):1722:in initialize'", "org/jruby/RubyKernel.java:1079:in eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:72:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:299:in execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:209:in run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in (root)'"]}
19:22:11.209 [LogStash::Runner] FATAL logstash.runner - The given configuration is invalid. Reason: Couldn't find any output plugin named 'email'. Are you sure this is correct? Trying to load the email output plugin resulted in this error: Problems loading the requested plugin named email of type output. Error: NameError NameError

IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'

Any idea why the node.cfg is not getting built?

Traceback (most recent call last):
File "setup.py", line 257, in
bro.install(chosenInterface, esServer)
File "/home/pi/Repos/SweetSecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'

Questions about alerts

So I have one device that is creating a lot of baseline alerts. 3 questions about those:

  1. What are baseline alerts?
  2. Should I be worrying about baseline alerts?
  3. How do I clear all of the alerts in one go?

for those who want to install this project to one single Raspberry Pi

I'm writing this simple guide to help those who want to install SweetSecurity on one single Pi.
Yes, surely we can save money. One Pi is enough.

Well, I use a Pi 3B+, 1GB RAM

CPU overload will be 30%-40% after all services have been started.

I also have:

  1. a default desktop (but I highly recommend you to install the lite system without a desktop)
  2. a DIY usb LCD to show system's overload & IP address.
  3. a 5V Fan controlled by a S8550 transistor & a simple code

to install all components on a single Pi, you need to do this:

1. Use a bigger swap partition. The default partition of the Pi 3 B+ is about 100M. We need more!
Modifying the Pi's swap partition is different from other Debian Linux! Do NOT use the makeswap command, because it's useless. Instead, you need to modify /etc/dphys-swapfile

change CONF_SWAPSIZE from 100 to 2000000

restart the service:

sudo /etc/init.d/dphys-swapfile restart

now we have a 2GB swap partition

2. Modify setup.py
Comment lines 82, 83, 85, 86 in file SweetSecurity/setup.py

3. Modify a pre-install lib
The Pi uses Debian Linux. To install Bro on the Pi, you need to modify lines 24, 26, 38, 40, 45, 47 in file SweetSecurity/install/packages.py

change libssl-dev to libssl1.0-dev

4. now run the setup.py

NOTICE:

critical-stack-intel in this project is still not working for me (2018-08-10). There's a server issue; you can see it here:
https://groups.google.com/forum/#!topic/security-onion/axOCfBgjva4

So even if I do this manually:

sudo -u critical-stack /usr/bin/critical-stack-intel --debug pull

it fails to update the critical stack IP database

when I run this:

sudo -u critical-stack /usr/bin/critical-stack-intel list

I find that no feed has ever been downloaded. No way, no how.

so currently I suggest you guys use Alien Vault instead.

happy hacking

critical-stack and lack of memory on my raspberry pi 3

Hello

What a wonderful idea, SweetSecurity

however ...

  • when installing critical-stack with many feeds, when building the master file.dat ... I have a memory issue, the master.xxx.dat file cannot be built ...
  • I have to choose only a few feeds ... but then the "bro" process is taking >90% CPU and >80% memory
  • also, I had to add "@load /opt/critical-stack/frameworks/intel/" to /opt/nsm/bro/share/bro/site/local.bro

i wish you the best :)

Missing dependencies postfix/sendmail and JDK

Bro won't run in this configuration without sendmail, typically provided by postfix.

JFFI will not build without JDK, so just installing JRE on the sensor device is not enough.

sudo apt install openjdk-8-jdk postfix

sweet security troubles

good day
I am having trouble with your sweetdecurity.sh script. Below is the output. I have installed node 4.X myself and I have chmoded +x all files related and still rx the output below. I have run the script twice now and each time the script runs for like 4 hours. Please advise before my next attempt.

(Reading database ... 128540 files and directories currently installed.)
Preparing to unpack node_latest_armhf.deb ...
Unpacking node (4.2.1-1) ...
Setting up node (4.2.1-1) ...
Processing triggers for man-db (2.7.0.2-5) ...
cp: cannot stat ‘SweetSecurity/init.d/kibana’: No such file or directory
chmod: cannot access ‘/etc/init.d/kibana’: No such file or directory
update-rc.d: error: initscript does not exist: /etc/init.d/kibana
mkdir: cannot create directory ‘/opt/SweetSecurity’: File exists
cp: cannot stat ‘SweetSecurity/pullMaliciousIP.py’: No such file or directory
cp: cannot stat ‘SweetSecurity/pullTorIP.py’: No such file or directory
python: can't open file '/opt/SweetSecurity/pullTorIP.py': [Errno 2] No such file or directory
python: can't open file '/opt/SweetSecurity/pullMaliciousIP.py': [Errno 2] No such file or directory
cp: cannot stat ‘SweetSecurity/networkDiscovery.py’: No such file or directory
cp: cannot stat ‘SweetSecurity/SweetSecurityDB.py’: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
root@raspberrypi:/home/pi/Downloads/SweetSecurity# cd SweetSecurity/in
init.d/ installOpenVas.sh
root@raspberrypi:/home/pi/Downloads/SweetSecurity# cd SweetSecurity/init.d/
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ls
kibana logstash
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# chmod +x kibana
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ./kibana
./kibana: 20: .: Can't open /etc/init.d/functions
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ls -la

Bro IDS install IOError

Having trouble with the install when reaching the Bro install..... getting this error.... Any ideas on the cause and a solution?

Installing Bro IDS
Downloading Bro IDS 2.5.1
Unpacking Bro Code
Creating Bro Directory Structures
Configuring Bro Code
Making Bro Code
Installing Bro Code
Cleaning Up Bro Installation Files
Configuring Bro
Traceback (most recent call last):
File "setup.py", line 185, in
bro.install(chosenInterface, 'localhost')
File "/home/linaro/sweetsecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'

Kibana service won't start

Unable to start the kibana service after running SweetSecurity script

sudo service kibana start
Job for kibana.service failed. See 'systemctl status kibana.service' and 'journalctl -xn' for details.

systemctl status kibana.service
kibana.service - LSB: start and stop kibana
Loaded: loaded (/etc/init.d/kibana)
Active: failed (Result: exit-code) since Fri 2016-04-08 05:49:46 UTC; 37s ago
Process: 26845 ExecStart=/etc/init.d/kibana start (code=exited, status=2)

SweetSecurity Flooding Logs

So I've got a 2 box setup working where I have a sensor install on one machine and the web index on another and it appears to be working?

My only issue is at the moment SweetSecurity is absolutely flooding its log file and generating too much noise.

Tailing the SweetSecurity logfile and I see this

2018-06-29 09:00:17,815: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,817: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,819: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,821: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,824: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,826: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,828: Error spoofing device: 'NoneType' object has no attribute 'getitem'
2018-06-29 09:00:17,830: Error spoofing device: 'NoneType' object has no attribute 'getitem'

not really sure what is going on and my own attempts to find where the problem is haven't turned up anything yet.

Suggestions/Tips on Installation on Two Pis and Best Critical Stack Feeds

Hello Travis,

Awesome work on kick starting this initiative.

I had a couple questions. After reading your install and watching your B-Sides demo, you mentioned the limitations of the Raspberry Pi. One of the limitations is the 1GB of RAM.

  1. The install requires 2 GB total and you recommended splitting the install across two separate Pis (which you have nicely provided in your script). I am assuming you mean to install the "Sensor Only" server on one Pi and the "Web Server Only" server on another. Are there further configurations required to get the two of them to communicate with each other in order to feed the sensor data to the Kibana web server to create the beautiful diagrams, etc.?

  2. What critical stack feeds do you recommend to use in conjunction with our Bro IDS?

thank you for all you do.

sincerely,

unitelife

Not receiving alerts in Kibana

Hello!

I appreciate you putting this together. I do have a quick question.

I ran the "sensor only" install on my Raspberry Pi 3 and the "webserver only" on my Linux box. It seemed to install correctly but I am not seeing any alerts coming into Kibana. How can I ensure that they are talking to each other? I apologize if this is a stupid question, I am new to this.

Thank you

ubuntu 16.04 web only install, 500 apache error on :443

New install

Apache error log shows this:

mod_wsgi (pid=2308): Target WSGI script '/var/www/webapp/webapp.wsgi' cannot be loaded as Python module.
[Tue Nov 21 20:51:39.182414 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] mod_wsgi (pid=2308): Exception occurred processing WSGI script '/var/www/webapp/webapp.wsgi'.
[Tue Nov 21 20:51:39.182470 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] Traceback (most recent call last):
[Tue Nov 21 20:51:39.184855 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]   File "/var/www/webapp/webapp.wsgi", line 7, in <module>
[Tue Nov 21 20:51:39.185055 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]     from webapp import create_app
[Tue Nov 21 20:51:39.185111 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]   File "/var/www/webapp/webapp/__init__.py", line 18, in <module>
[Tue Nov 21 20:51:39.185259 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]     class ConfigClass(object):
[Tue Nov 21 20:51:39.185314 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]   File "/var/www/webapp/webapp/__init__.py", line 24, in ConfigClass
[Tue Nov 21 20:51:39.185399 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378]     MAIL_PORT =           int(os.getenv('MAIL_PORT',            ''))
[Tue Nov 21 20:51:39.185490 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] ValueError: invalid literal for int() with base 10: ''

Adding Dashboards

Trying to add the baselines dashboards:
and I have received the following error:
Saved Objects: Importing Baselines - Top 20 Websites Visited (657f7df0-7161-11e7-8ed1-ebea83d7be07) failed: Could not locate that index-pattern (id: tardis)
Saved Objects: Importing logstash_deviceScanned (3efb7ac0-2153-11e7-9cc9-d548f0e513c4) failed: Could not locate that index-pattern (id: logstash-*)
and
Saved Objects: Importing Baselines - Top 20 IP Addresses (2ada85a0-7161-11e7-8ed1-ebea83d7be07) failed: Importing Baselines - Top 20 DNS Queries (5a7ce370-7161-11e7-8ed1-ebea83d7be07) failed: Importing Baselines - Top 20 Websites Visited …
just started on Sweet Security so please be kind if this is a noob error

Error in "Importing Kibana Index Patterns"

For the life of me I can't figure out how to get this resolved and unfortunately can't copy text from this environment.

Basically I'm running this up as a web-server only, on Deb Jessie.


Key error I receive now is a TIMEOUT connecting to localhost:9200 when importing the Patterns.

I've tried:

  • replacing pip installation method + upgrade the applicable modules
  • confirming the elastic instance responds on localhost:9200 & 127.0.0.1:9200
  • removed/added/disabled iptables rules
  • adding PySocks module to the build and piping traffic via a proxy to see if it communicates. (note: it didn't)

Anyone have any other ideas?

debian 9 getting error

File "setup.py", line 185, in
bro.install(chosenInterface, 'localhost')
File "/home/cert/sweetsecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'

sqlite3 create db script needs column for omp_id

Currently this gives you an error:

networkDiscovery.py (line 138)

c.execute("INSERT INTO hosts VALUES ('" + hostname + "'," + str(ip2long(ipaddress)) + ",'" + macaddress + "','" + macvendor + "','" + omp_id + "')")

Unless you add a fifth text column for omp_id in your SweetSecurity.db.

I suggest the following
c.execute('''CREATE TABLE hosts(hostname text, ip4 integer, mac text, vendor text, ompid text)''')

to replace line 10 in SweetSecurityDB.py
c.execute('''CREATE TABLE hosts(hostname text, ip4 integer, mac text, vendor text)''')
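
Changing the CREATE TABLE line only helps databases created afterwards; a SweetSecurity.db that already exists keeps its four columns. As an added example (not the project's code), a schema check that adds the missing column in place and an insert that names its columns and binds its values; the ip2long body and all sample values are constructed for illustration.

```python
import ipaddress
import sqlite3


def ip2long(ip):
    """Constructed stand-in for the script's ip2long(): dotted quad to integer."""
    return int(ipaddress.IPv4Address(ip))


def ensure_hosts_schema(conn):
    """Create the hosts table, or add the ompid column to an older one."""
    columns = [row[1] for row in conn.execute("PRAGMA table_info(hosts)")]
    if not columns:
        conn.execute("CREATE TABLE hosts(hostname text, ip4 integer, "
                     "mac text, vendor text, ompid text)")
        return "created"
    if "ompid" not in columns:
        # Existing rows get NULL in the new column.
        conn.execute("ALTER TABLE hosts ADD COLUMN ompid text")
        return "migrated"
    return "ok"


def insert_host(conn, hostname, ip, mac, vendor, omp_id):
    """Named columns plus bound parameters: the statement no longer depends
    on column order or on what characters the values contain."""
    conn.execute(
        "INSERT INTO hosts (hostname, ip4, mac, vendor, ompid) "
        "VALUES (?,?,?,?,?)",
        (hostname, ip2long(ip), mac, vendor, omp_id),
    )


def demo():
    """Start from the old four-column table and migrate it (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hosts(hostname text, ip4 integer, "
                 "mac text, vendor text)")
    conn.execute("INSERT INTO hosts VALUES (?,?,?,?)",
                 ("old-host", ip2long("192.168.1.10"),
                  "aa:bb:cc:00:00:01", "Constructed Vendor"))

    # Five positional values against four columns: the error from the issue.
    try:
        conn.execute("INSERT INTO hosts VALUES (?,?,?,?,?)",
                     ("new-host", ip2long("192.168.1.20"),
                      "aa:bb:cc:00:00:02", "Constructed Vendor", "omp-id"))
        error = None
    except sqlite3.OperationalError as exc:
        error = str(exc)

    action = ensure_hosts_schema(conn)
    insert_host(conn, "new-host", "192.168.1.20",
                "aa:bb:cc:00:00:02", "Constructed Vendor", "omp-id")
    rows = conn.execute(
        "SELECT hostname, ip4, ompid FROM hosts ORDER BY ip4").fetchall()
    return error, action, rows


if __name__ == "__main__":
    print(demo())
```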

error 500 after install on ubuntu 16.04

I've been trying to get this to work over the last several days but the closest I get is having the apache server return a 500 error after I log in using the credentials I chose. Has anyone else gotten this issue before? I followed all the instructions I believe exactly. Is there something simple I am missing? Thanks

Waiting for Elasticsearch to start...

Hi sir,

 Then I install the server with "sudo python setup.py". It always blocks at "Waiting for Elasticsearch to start..." as below.
 I do not know what to do next. How do I start Elasticsearch? Has it been installed?
 Thanks

Elasticsearch already installed
Creating elasticsearch credentials
Kibana already installed
Importing Kibana Index Patterns
Importing /root/Documents/github/SweetSecurity/kibana/patterns/logstash.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/sweet_security_alerts.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/sweet_security.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/tardis.json
Importing Dashboards
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/geoip.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/SweetSecurityAlerts.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/logstash.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/sweet_security.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/baselines.json
Waiting for Elasticsearch to start...
Waiting for Elasticsearch to start...

Getting started

Now that I have it all installed I can't figure out how to look at logs, or start ELK so I can see anything. Not sure where to start. I looked in the install file to see if anything was in there but no luck.

Red "!" for web only install's "Sweet Security Server" service after clean install.

Red "!" for web only install's "Sweet Security Server" service.

Ubuntu server 16.04 clean install; vmware. 2GB ram, 2 cores allocated. Installed all prereqs listed on the page minus libssl1.0-dev which was not found.

Rebooting, clicking start/restart does not resolve the issue. The sweetsecurity.log file is not present in /var/log/secure.

Is this expected? I've yet to join a Raspberry Pi sweetsecurity client to it.

Bro IDS Status issue on SweetSecurity settings webpage

The Bro IDS status on the SweetSecurity Settings web page always says "crashed" even though it is running on the remote Debian9 VM. I've tried restarting pretty much everything and nothing seems to change it. Anyone running into this?


Unable to connect to Elasticsearch

I executed the ph script and everything worked flawlessly until the point where installing logstash begins:

HW: Pi-3 with 32 gig SDHC card

Enter password for Elasticsearch:
Confirm password for Elasticsearch:
Enter Server IP: localhost
Bro already installed...
Installing Logstash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 1 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 2 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 3 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 4 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 5 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 6 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 7 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 8 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 9 of 10
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 10 of 10
Unable to connect to Elasticsearch

Is it not correct to put localhost into the server's IP? I tried it with the Pi's static IP and with 127.0.0.1, which is localhost, and am only getting "connection refused".
I'm out of ideas.

Best regards Razzor

setup.py shows less than 1 GB ram on vmware

Hello Travis,

I tried to install sweet on a clean Ubuntu 16.04 system. When I run setup.py I receive

Less than 1GB of memory. You need more than this to continue.

free -t -m
gesamt benutzt frei gemns. Puffer/Cache verfügbar
Speicher: 3933 70 3736 5 126 3664
Auslagerungsspeicher: 4095 0 4095
Gesamt: 8029 70 7832

df
Dateisystem 1K-Blöcke Benutzt Verfügbar Verw% Eingehängt auf
udev 1994564 0 1994564 0% /dev
tmpfs 402820 5872 396948 2% /run
/dev/mapper/wurstsalats--vg-root 77808608 2280796 71552236 4% /
tmpfs 2014096 4 2014092 1% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 2014096 0 2014096 0% /sys/fs/cgroup
/dev/sda1 482922 57458 400530 13% /boot
tmpfs 402820 0 402820 0% /run/user/1000
/home/arschmin/.Private 77808608 2280796 71552236 4% /home/arschmin

So, I'm sure there's enough RAM here. What can I do to install successfully?

best
frank

PIP seems to be broken on Ubuntu

Just in case anyone gets a Python error on the Kibana import on Ubuntu 16.04(.3): you have to wget the get-pip.py script from bootstrap and run that to get the latest working PIP. I don't know if it's a good idea to put this as an issue here as it's not; it's just something people might run into, so I wanted to share my fix.

No matching indices found: No indices match pattern "logstash-*"

After installing it in Linux Mint 18 (VM) I access Kibana and it shows "No matching indices found: No indices match pattern "logstash-*"".

The default index in Advanced Settings is: logstash-*

Nothing is discovered.
Also I cannot access the Sweet Security WebApp. (As it's a testing machine I used the same pwd for webapp and elastic.)

Do you know how I can fix it?
On the VM I can successfully ping the other network devices.

[Kibana Discover doesn't work]

Hello,

Kibana Discover doesn't work.
The page was refreshed and the cache cleared.
When I change from another tab (dashboard) to Discover, it also doesn't work.

Thank you

Kibana Index Patterns

Hi,

The installation was successful, but when I go to Kibana I have this warning:

Warning No default index pattern. You must select or create one to continue.

Is there any pattern we have to put?

Thanks

Kibana not running

Hello, I've installed Sweetsecurity without any error, which I found very interesting.
Before and after reboot Kibana isn't running.
When I start it manually in /opt.. , I get the following message, which continues until I kill it.
Seems localhost port 9200 isn't open.
Below is the process list.
(Running on a Pi 2 under Jessie)

What did I miss and how do I correct the problem?

Thanks for your help

Guy (from France)

{"name":"Kibana","hostname":"raspi-tripwire","pid":805,"level":50,"err":"Request error, retrying -- connect ECONNREFUSED 127.0.0.1:9200","msg":"","time":"2016-04-03T11:54:41.394Z","v":0}

{"name":"Kibana","hostname":"raspi-tripwire","pid":805,"level":40,"msg":"Unable to revive connection: http://localhost:9200/","time":"2016-04-03T11:54:41.456Z","v":0}

UID PID PPID C STIME TTY TIME CMD
root 1 0 0 11:49 ? 00:00:04 /sbin/init
root 2 0 0 11:49 ? 00:00:00 [kthreadd]
root 3 2 0 11:49 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 11:49 ? 00:00:00 [kworker/0:0H]
root 6 2 0 11:49 ? 00:00:00 [kworker/u8:0]
root 7 2 0 11:49 ? 00:00:00 [rcu_sched]
root 8 2 0 11:49 ? 00:00:00 [rcu_bh]
root 9 2 0 11:49 ? 00:00:00 [migration/0]
root 10 2 0 11:49 ? 00:00:00 [migration/1]
root 11 2 0 11:49 ? 00:00:00 [ksoftirqd/1]
root 13 2 0 11:49 ? 00:00:00 [kworker/1:0H]
root 14 2 0 11:49 ? 00:00:00 [migration/2]
root 15 2 0 11:49 ? 00:00:00 [ksoftirqd/2]
root 17 2 0 11:49 ? 00:00:00 [kworker/2:0H]
root 18 2 0 11:49 ? 00:00:00 [migration/3]
root 19 2 0 11:49 ? 00:00:00 [ksoftirqd/3]
root 20 2 0 11:49 ? 00:00:00 [kworker/3:0]
root 21 2 0 11:49 ? 00:00:00 [kworker/3:0H]
root 22 2 0 11:49 ? 00:00:00 [khelper]
root 23 2 0 11:49 ? 00:00:00 [kdevtmpfs]
root 24 2 0 11:49 ? 00:00:00 [netns]
root 25 2 0 11:49 ? 00:00:00 [perf]
root 26 2 0 11:49 ? 00:00:00 [khungtaskd]
root 27 2 0 11:49 ? 00:00:00 [writeback]
root 28 2 0 11:49 ? 00:00:00 [crypto]
root 29 2 0 11:49 ? 00:00:00 [bioset]
root 30 2 0 11:49 ? 00:00:00 [kblockd]
root 31 2 0 11:49 ? 00:00:00 [kworker/1:1]
root 32 2 0 11:49 ? 00:00:00 [rpciod]
root 33 2 0 11:49 ? 00:00:00 [kswapd0]
root 34 2 0 11:49 ? 00:00:00 [fsnotify_mark]
root 35 2 0 11:49 ? 00:00:00 [nfsiod]
root 41 2 0 11:49 ? 00:00:00 [kthrotld]
root 43 2 0 11:49 ? 00:00:00 [VCHIQ-0]
root 44 2 0 11:49 ? 00:00:00 [VCHIQr-0]
root 45 2 0 11:49 ? 00:00:00 [VCHIQs-0]
root 46 2 0 11:49 ? 00:00:00 [iscsi_eh]
root 47 2 0 11:49 ? 00:00:00 [dwc_otg]
root 48 2 0 11:49 ? 00:00:00 [DWC Notificatio]
root 49 2 0 11:49 ? 00:00:00 [kworker/u8:1]
root 50 2 0 11:49 ? 00:00:00 [kworker/2:1]
root 51 2 0 11:49 ? 00:00:01 [mmcqd/0]
root 52 2 0 11:49 ? 00:00:00 [VCHIQka-0]
root 53 2 0 11:49 ? 00:00:00 [SMIO]
root 54 2 0 11:49 ? 00:00:00 [deferwq]
root 55 2 0 11:49 ? 00:00:00 [kworker/1:2]
root 56 2 0 11:49 ? 00:00:00 [jbd2/mmcblk0p2-]
root 57 2 0 11:49 ? 00:00:00 [ext4-rsv-conver]
root 59 2 0 11:49 ? 00:00:00 [ipv6_addrconf]
root 96 2 0 11:49 ? 00:00:00 [kworker/2:2]
root 104 1 0 11:49 ? 00:00:00 /lib/systemd/systemd-journald
root 107 1 0 11:49 ? 00:00:00 /lib/systemd/systemd-udevd
root 230 2 0 11:49 ? 00:00:00 [kworker/3:2]
root 346 1 0 11:49 ? 00:00:00 /usr/sbin/cron -f
root 349 1 0 11:49 ? 00:00:00 /lib/systemd/systemd-logind
avahi 353 1 0 11:49 ? 00:00:00 avahi-daemon: running [raspi-tripwire.local]
message+ 355 1 0 11:49 ? 00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --n
nobody 371 1 0 11:49 ? 00:00:00 /usr/sbin/thd --daemon --triggers /etc/triggerhappy/
root 376 2 0 11:49 ? 00:00:00 [cfg80211]
root 380 1 0 11:49 ? 00:00:00 /sbin/dhcpcd -q -b
avahi 386 353 0 11:49 ? 00:00:00 avahi-daemon: chroot helper
logstash 402 1 17 11:49 ? 00:02:17 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweep
root 439 2 0 11:49 ? 00:00:00 [kworker/2:1H]
root 440 2 0 11:49 ? 00:00:00 [kworker/1:1H]
root 441 2 0 11:49 ? 00:00:00 [kworker/3:1H]
root 444 1 0 11:49 ? 00:00:00 /usr/sbin/rsyslogd -n
root 475 1 0 11:49 ? 00:00:00 /usr/sbin/sshd -D
root 513 2 0 11:49 ? 00:00:00 [kworker/0:2]
root 520 1 0 11:49 tty1 00:00:00 /bin/login -f
root 522 1 0 11:49 ? 00:00:00 /sbin/agetty --keep-baud 115200 38400 9600 ttyAMA0 v
ntp 525 1 0 11:49 ? 00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:111
pi 561 1 0 11:49 ? 00:00:00 /lib/systemd/systemd --user
pi 568 561 0 11:49 ? 00:00:00 (sd-pam)
pi 576 520 0 11:49 tty1 00:00:00 -bash
root 751 475 0 11:51 ? 00:00:00 sshd: pi [priv]
pi 761 751 0 11:51 ? 00:00:00 sshd: pi@pts/0
pi 764 761 0 11:51 pts/0 00:00:00 -bash
root 804 2 0 11:54 ? 00:00:00 [kworker/0:0]
root 826 2 0 11:58 ? 00:00:00 [kworker/3:1]
root 830 2 0 12:00 ? 00:00:00 [kworker/0:1]
pi 837 764 0 12:02 pts/0 00:00:00 ps -ef

kibana can't find mapping

After install and manual start of Kibana "sudo sh /opt/kibana/bin/kibana"

Kibana is unable to find the logstash-* index.

Error:
unable to fetch mapping

shuts down network?

I've installed everything, but now when I turn on the RPi it doesn't allow devices on my home network to connect to the internet. Is this a situation where the Pi is overloaded? It's started locking up when I turn it on and try to even move the mouse around.

Error in setup.py : bro.install(chosenInterface, esServer)

Installing Bro IDS
  Downloading Bro IDS 2.5.1
  Unpacking Bro Code
  Creating Bro Directory Structures
  Configuring Bro Code
  Making Bro Code
  Installing Bro Code
  Cleaning Up Bro Installation Files
  Configuring Bro
Traceback (most recent call last):
  File "setup.py", line 257, in <module>
    bro.install(chosenInterface, esServer)
  File "/home/pi/Desktop/SweetSecurity/install/bro.py", line 45, in install
    shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
  File "/usr/lib/python2.7/shutil.py", line 325, in move
    copy2(src, real_dst)
  File "/usr/lib/python2.7/shutil.py", line 153, in copy2
    copyfile(src, dst)
  File "/usr/lib/python2.7/shutil.py", line 96, in copyfile
    with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
pi@raspberrypi:~/Desktop/SweetSecurity $

Also has this project been abandoned?

Debian 8 CFFI failure Kibana import during install

Starting Kibana
Importing Kibana Index Patterns
Importing /home/user/sweetsecurity/kibana/patterns/sweet_security_alerts.json
Traceback (most recent call last):
  File "setup.py", line 220, in <module>
    kibana.install(chosenInterfaceIP)
  File "/home/user/sweetsecurity/install/kibana.py", line 85, in install
    importIndexMapping(os.path.join(patternPath, file))
  File "/home/user/sweetsecurity/install/kibana.py", line 117, in importIndexMapping
    from elasticsearch import Elasticsearch
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/__init__.py", line 17, in <module>
    from .client import Elasticsearch
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/__init__.py", line 4, in <module>
    from ..transport import Transport
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 4, in <module>
    from .connection import Urllib3HttpConnection
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/__init__.py", line 2, in <module>
    from .http_requests import RequestsHttpConnection
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_requests.py", line 4, in <module>
    import requests
  File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 68, in <module>
    _attach_namespace(urllib3, 'requests.packages')
  File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 63, in _attach_namespace
    module = __import__(name)
  File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 55, in <module>
    import OpenSSL.SSL
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 10, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 18, in <module>
    no_zero_allocator = ffi.new_allocator(should_clear_after_alloc=False)
AttributeError: 'FFI' object has no attribute 'new_allocator'

Tinker Board

Travis,
this is good stuff. I am trying to install all components on a Tinker Board but I'm getting an error. I am using the latest Debian OS for the Tinker (2.0.3) and it seems pretty standard. I have put a big SD card on this thing and wanted to see how it did in a home. It gave me an excuse to buy one :-) but it's not working. Thoughts?

File "setup.py", line 257, in <module>
   bro.install(chosenInterface, esServer)
 File "/home/linaro/sweetsecurity/install/bro.py", line 45, in install
   shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
 File "/usr/lib/python2.7/shutil.py", line 302, in move
   copy2(src, real_dst)
 File "/usr/lib/python2.7/shutil.py", line 130, in copy2
   copyfile(src, dst)
 File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
   with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'

Sensor only install

Just read your IDS article on tripwire.com and decided to give it a shot since I had a spare raspberry pi 3 lying around. It looks like from the code that if you choose option 2 (sensor only) that it tries to connect to elasticsearch during the logstash installation process but elasticsearch doesn't install for option 2. It tries to connect 10 times and then exits. I'm not a programmer so forgive me if this is way off. Looks like you just updated the files so maybe you're still working out some bugs.

setup.py on clean system complaining about lack of memory

Dear Travis,

I'm trying to install the "sensor"-batch of programs of your sweet suite. However, even on a clean raspbian system, when running the setup.py script, I get the complaint that I have less than 1 GB of memory, and that I need more than that to continue.

Available space on the root partition is 24G. RAM's not something I can change. Curious to know how this should be installed.

Question about the install script (SweetSecurity.sh)

In line #74 we do:
sudo cp SweetSecurity/logstash.conf /etc/logstash/conf.d

However, later in #105 we do:
sudo sed -i -- "s/SMTP_HOST/"$smtpHost"/g" /opt/logstash/logstash.conf

but the logstash.conf file was copied into the /etc/logstash/conf.d directory and not the /opt/logstash directory.
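
The path mismatch reported above means the `sed` step targets a file the copy step never created, so the `SMTP_HOST` placeholder would stay in the config Logstash actually loads. As an added example (not the project's install script), a placeholder-filling helper that refuses a missing file, quotes the variable, escapes the value for `sed`, and verifies the token is gone; the function names and exit codes are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of SweetSecurity.sh.

# Escape the characters that are special on the replacement side of a
# sed s/// expression: ampersand, the "/" delimiter, and backslash.
escape_sed_replacement() {
    printf '%s' "$1" | sed 's/[&/\]/\\&/g'
}

# fill_placeholder FILE TOKEN VALUE
# TOKEN is assumed to be a plain word such as SMTP_HOST (no regex characters).
# Exit codes (chosen for this example):
#   0 replaced, 1 sed failed, 2 FILE missing,
#   3 TOKEN not present before the edit, 4 TOKEN still present after it.
fill_placeholder() {
    file=$1
    token=$2
    value=$3

    # Catches the case from the issue: editing a path nothing was copied to.
    [ -f "$file" ] || { echo "missing config: $file" >&2; return 2; }

    # A silent no-op substitution hides a wrong file or an already-edited one.
    grep -q -- "$token" "$file" || { echo "no $token in $file" >&2; return 3; }

    escaped=$(escape_sed_replacement "$value")

    # The whole expression is inside one pair of double quotes, so a value
    # containing spaces cannot split into extra sed arguments.
    sed -i -- "s/$token/$escaped/g" "$file" || return 1

    # Confirm the placeholder is really gone from the file that was edited.
    if grep -q -- "$token" "$file"; then
        echo "$token still present in $file" >&2
        return 4
    fi
    return 0
}
```

Called as `fill_placeholder /etc/logstash/conf.d/logstash.conf SMTP_HOST "$smtpHost"`, it edits the file that line #74 copied into place.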

GeoIP

How do I get geoip working in logstash and kibana? Can you upload a config file with geoip?
