Setting up Threat Intelligence lookup and receive the below errors for spamhaus-drop - all other indicators appear functioning, tested with known good and bad IPs. Clean install of 3.0 beta 3 Ubuntu 18.04 package install, upgraded to RC1 via package update. Content packs look good, lookup table and cache return expected results - when I go into data adapter for Spamhaus I receive only this text error “Unknown data adapter type FallbackAdapterConfig. Is the plugin missing?” I have since disabled the plug-in to stop the server log from scrolling.
2019-01-31T09:48:22.185-05:00 WARN [LookupTableService] Unable to load data adapter spamhaus-drop of type FallbackAdapterConfig, missing a factory. Is a required plugin missing?
2019-01-31T09:48:24.864-05:00 WARN [LookupTableService] Lookup table spamhaus-drop is referencing a missing data adapter 5c530770d5b29e057d041731, check if it started properly.
2019-01-31T10:10:50.118-05:00 WARN [LookupTableService] Lookup table does not exist
Spamhaus-drop missing data adapter
Installed Tor Exit Node List, abuse.ch Ransomware, and Spamhaus DROP Content packs. Configured Threat Intelligence plugin to allow Tor exit node lookups, Spamhaus DROP/EDROP lookups, Abuse.ch Ransomware tracker lookups. Configured pipelines and rules for threat indicators. Expected previous version behavior of all lookups working properly.
Tor exit and abuse.ch are working as expected, tested against known IP addresses. I receive the below errors for spamhaus-drop and spamhaus known bad IPs are not flagged.
2019-01-31T09:48:22.185-05:00 WARN [LookupTableService] Unable to load data adapter spamhaus-drop of type FallbackAdapterConfig, missing a factory. Is a required plugin missing?
2019-01-31T09:48:24.864-05:00 WARN [LookupTableService] Lookup table spamhaus-drop is referencing a missing data adapter 5c530770d5b29e057d041731, check if it started properly.
2019-01-31T10:10:50.118-05:00 WARN [LookupTableService] Lookup table does not exist
When I go into data adapter for Spamhaus I receive only this text error “Unknown data adapter type FallbackAdapterConfig. Is the plugin missing?” I have since disabled the plug-in to stop the server log from scrolling.
Graylog
3.0.0-10.rc.1
Elasticsearch
"version" : {
"number" : "5.6.14",
"build_hash" : "f310fe9",
"build_date" : "2018-12-05T21:20:16.416Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
MongoDB
db version v3.6.10
git version: 3e3ab85bfb98875af3bc6e74eeb945b0719f69c8
OpenSSL version: OpenSSL 1.0.2n 7 Dec 2017
allocator: tcmalloc
modules: none
build environment:
distmod: ubuntu1604
distarch: x86_64
target_arch: x86_64
Ubuntu 18.04.1 LTS
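Added example, not part of the original report or of Graylog's code: a small Python scan of a Graylog server log for the `LookupTableService` warnings quoted above, so that a threat-intel lookup that has silently stopped matching is reported by name. The sample input is constructed from the three log lines in this report; the function name and result layout are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three WARN lines quoted in the report above.
SAMPLE_LOG = """\
2019-01-31T09:48:22.185-05:00 WARN [LookupTableService] Unable to load data adapter spamhaus-drop of type FallbackAdapterConfig, missing a factory. Is a required plugin missing?
2019-01-31T09:48:24.864-05:00 WARN [LookupTableService] Lookup table spamhaus-drop is referencing a missing data adapter 5c530770d5b29e057d041731, check if it started properly.
2019-01-31T10:10:50.118-05:00 WARN [LookupTableService] Lookup table does not exist
"""

LINE = re.compile(r"^(?P<ts>\S+)\s+WARN\s+\[LookupTableService\]\s+(?P<msg>.*)$")
ADAPTER = re.compile(
    r"Unable to load data adapter (?P<name>\S+) of type (?P<type>[^,\s]+), missing a factory")
TABLE = re.compile(
    r"Lookup table (?P<name>\S+) is referencing a missing data adapter (?P<id>[0-9a-f]{24})")


def find_broken_lookups(log_text):
    """Return ({name: details}, unnamed_count) for lookups that failed to load."""
    broken = defaultdict(lambda: {"adapter_type": None, "adapter_id": None,
                                  "first_seen": None, "count": 0})
    unnamed = 0  # "Lookup table does not exist" carries no table name
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a LookupTableService warning
        msg = m.group("msg")
        hit = ADAPTER.search(msg) or TABLE.search(msg)
        if not hit:
            if msg.startswith("Lookup table does not exist"):
                unnamed += 1
            continue
        fields = hit.groupdict()
        entry = broken[fields["name"]]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or m.group("ts")
        entry["adapter_type"] = fields.get("type") or entry["adapter_type"]
        entry["adapter_id"] = fields.get("id") or entry["adapter_id"]
    return dict(broken), unnamed


if __name__ == "__main__":
    broken, unnamed = find_broken_lookups(SAMPLE_LOG)
    for name, info in broken.items():
        print(f"{name}: type={info['adapter_type']} adapter_id={info['adapter_id']} "
              f"warnings={info['count']} first_seen={info['first_seen']}")
    print(f"unnamed 'Lookup table does not exist' warnings: {unnamed}")
```

Any name this reports is a lookup whose pipeline rules will not flag matching addresses until the adapter loads again.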
@mhaasEFD Thank you very much for the report! We identified the problem and will fix it for the final release.
I used the upgrade via deb repository to install the final release – issue still exists. Will I need a clean install?
Michael Haas
MIS Coordinator
Evesham Township Fire District No.1
@mhaasEFD Yes, you have to clean up some entries in the database using the mongo shell.
$ mongo graylog # if "graylog" is your database name
> db.cluster_config.remove({"type":"org.graylog.plugins.threatintel.migrations.V20180906112716_RecreateThreatintelLookupTables.MigrationCompleted"});
> db.cluster_config.remove({"type":"org.graylog2.migrations.V20180924111644_AddDefaultGrokPatterns.MigrationCompleted"});
> db.content_packs.remove({});
> db.content_packs_installations.remove({});
Also remove the spamhaus lookup table, cache and adapter. After a restart your setup should be good again.
That did it, thanks!
Michael Haas
MIS Coordinator
Evesham Township Fire District No.1