Can't see any logs in kibana #9
Comments
At the bottom of the manual there is a section that handles this, dumping containers etc.
To analyse data: tcpdump -i eth0 (or whatever you have) -w - | nc <bro> 1969.
Always check your logs:
docker logs bro
docker logs elasticsearch
And if you want an answer, describe the problem & your commands, logging etc…
… On 24 Nov 2016, at 17:33, alxbob wrote:
I set up a 3-node ELK cluster, kibana and bro with the xinetd-elasticsearch role. I send traffic with /dev/stdout but I can't see any logs in kibana. Any advice?
My mistake, let me describe it as completely as possible:
As far as I understand, for live traffic capture I need 3 ELK containers, 1 kibana and 1 bro-xinetd, so
I modified the docker-compose.yml to this 👍

```yaml
# VOLUMES
elastic-data-master:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data
elastic-data-node01:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data
elastic-data-node02:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data

# nginx
nginx:
  image: danielguerra/bro-elasticsearch-nginx
  hostname: nginx
  links:
    - "elasticsearch-master:master"
    - "elasticsearch-node01:node01"
    - "elasticsearch-node02:node02"
  ports:
    - "9200:9200"
    - "9300:9300"

# ELASTICSEARCH
elasticsearch-master:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-master --cluster.name=bro --node.name=elasticsearch-master --discovery.zen.ping.multicast.enabled=false --network.host=elasticsearch-master
  hostname: elasticsearch-master
  volumes_from:
    - "elastic-data-master"
elasticsearch-node01:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-node01 --cluster.name=bro --node.name=elasticsearch-node01 --discovery.zen.ping.unicast.hosts=master:9300 --network.host=elasticsearch-node01
  hostname: elasticsearch-node01
  links:
    - "elasticsearch-master:master"
  volumes_from:
    - "elastic-data-node01"
elasticsearch-node02:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-node02 --cluster.name=bro --node.name=elasticsearch-node02 --discovery.zen.ping.unicast.hosts=master:9300 --network.host=elasticsearch-node02
  hostname: elasticsearch-node02
  links:
    - "elasticsearch-master:master"
  volumes_from:
    - "elastic-data-node02"

# KIBANA
kibana:
  image: kibana:4.6
  hostname: kibana
  ports:
    - "5601:5601"
  links:
    - "nginx:elasticsearch"

# BRO
bro-xinitd:
  image: danielguerra/bro-debian-elasticsearch
  command: /role/xinetd-elasticsearch
  hostname: bro-xinetd
  links:
    - "nginx:elasticsearch"
  ports:
    - "1969:1969"

# mapping
bro-mapping:
  image: danielguerra/bro-debian-elasticsearch
  command: /scripts/bro-mapping.sh
  links:
    - "nginx:elasticsearch"

# kibana config
kibana-config:
  image: danielguerra/bro-kibana-config
  links:
    - "elasticsearch-master:elasticsearch"
```

I run docker-compose pull/up, the dockers are up and running. I see kibana on ip:5601
and I start tcpdump -i eth0 -w - | nc 1969 or tcpdump -i eth0 -w - /dev/stdout | nc 1969. Inside the bro-xinetd container I see tcpdump packets arriving and periodically the bro -r service running, but nothing in kibana. Thanks again for your help.
Give me the output of
docker ps -a
and
docker-compose logs
BTW I see your nc is wrong, it's nc <host> <port>
… On 24 Nov 2016, at 19:35, alxbob wrote:
My mistake let me describe it as complete as possible:
…
and i start tcpdump -i eth0 -w - | nc 1969 or tcpdump -i eth0 -w - /dev/stdout | nc 1969. Inside bro-xinetd container i see tcpdump packets arriving and periodically bro -r service running but nothing on kibana. Thanks again for your help
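Before chasing the problem further down the chain it is worth checking what the port-1969 listener actually received. The checker below is an added example written for this thread, not code from the bro-elasticsearch images: it reads a capture file (or the raw bytes piped out of `tcpdump -w -`) and reports whether it is a pcap stream that `bro -r` can parse, how many complete packet records it holds, and whether the writer was cut off mid-packet. It assumes that whatever arrives on port 1969 is stored as a file under /bro/pcap (the path the maintainer names later in the thread) and that the capture was produced with `-w -` (on Linux `-w /dev/stdout` is the same thing). The text branch catches the case where `-w` was left off altogether and tcpdump's human-readable output was shipped instead; `build_pcap` only constructs sample input.

```python
"""Sanity-check a pcap stream the way bro -r will see it.

Added example for this GitHub thread, not part of the bro-elasticsearch
project.  Usage (the /bro/pcap path is the one the maintainer names):

    python3 pcapcheck.py /bro/pcap/<file>
    tcpdump -i eth0 -s 0 -U -w - -c 50 | python3 pcapcheck.py
"""
import struct
import sys

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps
GLOBAL_HDR = 24           # magic(4) major(2) minor(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4)
RECORD_HDR = 16           # ts_sec(4) ts_frac(4) incl_len(4) orig_len(4)


def looks_like_text(data):
    """True when the first bytes are printable ASCII: tcpdump was run without
    -w and its human-readable output, which bro -r cannot parse, was shipped."""
    sample = data[:64]
    return bool(sample) and all(32 <= b < 127 or b in b"\r\n\t" for b in sample)


def inspect_pcap(data):
    """Parse a pcap byte string and describe what bro -r would get from it."""
    result = {"ok": False, "reason": "", "endian": None, "nanos": False,
              "linktype": None, "snaplen": None, "packets": 0, "trailing_bytes": 0}
    if looks_like_text(data):
        result["reason"] = "input is text, not pcap: was tcpdump started with -w - ?"
        return result
    if len(data) < GLOBAL_HDR:
        result["reason"] = "only %d bytes, shorter than a pcap global header" % len(data)
        return result
    for endian in ("<", ">"):                      # file byte order is whatever wrote it
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            result["endian"], result["nanos"] = endian, magic == MAGIC_NSEC
            break
    else:
        result["reason"] = "bad magic %s: not a pcap stream" % data[:4].hex()
        return result
    endian = result["endian"]
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:GLOBAL_HDR])
    result["snaplen"], result["linktype"] = snaplen, linktype
    off = GLOBAL_HDR
    while off + RECORD_HDR <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + RECORD_HDR])
        if incl_len > snaplen or incl_len > orig_len:
            result["reason"] = ("record %d claims %d bytes (snaplen %d, orig_len %d): stream is corrupt"
                                % (result["packets"], incl_len, snaplen, orig_len))
            return result
        if off + RECORD_HDR + incl_len > len(data):
            break                                  # writer was cut mid-packet; bro -r stops here too
        result["packets"] += 1
        off += RECORD_HDR + incl_len
    result["trailing_bytes"] = len(data) - off     # bytes of an incomplete last record
    result["ok"] = True
    return result


def build_pcap(payloads, snaplen=262144, linktype=1, endian="<"):
    """Constructed sample input: a minimal Ethernet (linktype 1) pcap holding the given frames."""
    out = [struct.pack(endian + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)]
    for i, frame in enumerate(payloads):
        out.append(struct.pack(endian + "IIII", 1480013677 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


if __name__ == "__main__":
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else sys.stdin.buffer
    print(inspect_pcap(src.read()))
```

When shipping over nc, add `-U` (packet-buffered) to tcpdump so each packet is flushed to the pipe as it is captured; without it tcpdump buffers writes to a pipe and the listener sees nothing until the buffer fills, which is easy to mistake for a dead link.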
My nc is tcpdump -i eth1 -s 0 -w /dev/stdout | nc 10.0.0.27 1969, also tried tcpdump -i eth1 -s 0 -w - | nc 10.0.0.27 1969

docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e7ca01b5e4e danielguerra/bro-debian-elasticsearch "/role/xinetd-elastic" 39 seconds ago Up 30 seconds 22/tcp, 47761-47762/tcp, 0.0.0.0:1969->1969/tcp anakata_bro-xinitd_1
fbda57c2c830 danielguerra/bro-debian-elasticsearch "/scripts/bro-mapping" 39 seconds ago Exited (0) 29 seconds ago anakata_bro-mapping_1
1a2c2b0a5b8c kibana:4.6 "/docker-entrypoint.s" 39 seconds ago Up 31 seconds 0.0.0.0:5601->5601/tcp anakata_kibana_1
c4dd6ae4214f danielguerra/bro-elasticsearch-nginx "nginx -g 'daemon off" About a minute ago Up 40 seconds 80/tcp, 0.0.0.0:9200->9200/tcp, 443/tcp, 0.0.0.0:9300->9300/tcp anakata_nginx_1
87b9b0af6948 danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 2 minutes ago Up 2 minutes 9200/tcp, 9300/tcp anakata_elasticsearch-node02_1
066fae96562b danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 2 minutes ago Up About a minute 9200/tcp, 9300/tcp anakata_elasticsearch-node01_1
a5d49aeb446e danielguerra/bro-kibana-config "/start.sh" 2 minutes ago Exited (0) 21 seconds ago anakata_kibana-config_1
527f0121e7ce danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 3 minutes ago Up 2 minutes 9200/tcp, 9300/tcp anakata_elasticsearch-master_1
588cec1fa970 tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-node01_1
edcac2019405 tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-node02_1
d07a2365c7dd tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-master_1

docker-compose logs
Attaching to anakata_bro-xinitd_1, anakata_bro-mapping_1, anakata_kibana_1, anakata_nginx_1, anakata_elasticsearch-node02_1, anakata_elasticsearch-node01_1, anakata_kibana-config_1, anakata_elasticsearch-master_1, anakata_elastic-data-node01_1, anakata_elastic-data-node02_1, anakata_elastic-data-master_1
First, know your network interfaces with the command
ifconfig
On a Linux/docker host the normal one is eth0.
I would do a tcpdump without nc to see what the output is:
tcpdump -i eth0 -vv
If any data comes into port 1969 it is written in the bro container in /bro/pcap.
After a while you should see the elastic-master logs report new indexes [conn] [ssl].
Make sure you can ping 10.0.0.27 from where you are doing your tcpdump.
Maybe check telnet 10.0.0.27 1969 to check if it's listening.
… On 24 Nov 2016, at 19:56, alxbob wrote:
My nc is tcpdump -i eth1 -s 0 -w /dev/stdout | nc 10.0.0.27 1969 also tried tcpdump -i eth1 -s 0 -w - | nc 10.0.0.27 1969
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e7ca01b5e4e danielguerra/bro-debian-elasticsearch "/role/xinetd-elastic" 39 seconds ago Up 30 seconds 22/tcp, 47761-47762/tcp, 0.0.0.0:1969->1969/tcp anakata_bro-xinitd_1
fbda57c2c830 danielguerra/bro-debian-elasticsearch "/scripts/bro-mapping" 39 seconds ago Exited (0) 29 seconds ago anakata_bro-mapping_1
1a2c2b0a5b8c kibana:4.6 "/docker-entrypoint.s" 39 seconds ago Up 31 seconds 0.0.0.0:5601->5601/tcp anakata_kibana_1
c4dd6ae4214f danielguerra/bro-elasticsearch-nginx "nginx -g 'daemon off" About a minute ago Up 40 seconds 80/tcp, 0.0.0.0:9200->9200/tcp, 443/tcp, 0.0.0.0:9300->9300/tcp anakata_nginx_1
87b9b0af6948 danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 2 minutes ago Up 2 minutes 9200/tcp, 9300/tcp anakata_elasticsearch-node02_1
066fae96562b danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 2 minutes ago Up About a minute 9200/tcp, 9300/tcp anakata_elasticsearch-node01_1
a5d49aeb446e danielguerra/bro-kibana-config "/start.sh" 2 minutes ago Exited (0) 21 seconds ago anakata_kibana-config_1
527f0121e7ce danielguerra/alpine-elasticsearch "docker-entrypoint.sh" 3 minutes ago Up 2 minutes 9200/tcp, 9300/tcp anakata_elasticsearch-master_1
588cec1fa970 tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-node01_1
edcac2019405 tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-node02_1
d07a2365c7dd tianon/true "/true" 5 minutes ago Exited (0) 5 minutes ago anakata_elastic-data-master_1
docker-compose logs
Attaching to anakata_bro-xinitd_1, anakata_bro-mapping_1, anakata_kibana_1, anakata_nginx_1, anakata_elasticsearch-node02_1, anakata_elasticsearch-node01_1, anakata_kibana-config_1, anakata_elasticsearch-master_1, anakata_elastic-data-node01_1, anakata_elastic-data-node02_1, anakata_elastic-data-master_1
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
kibana_1 | {"type":"log","@timestamp":"2016-11-24T18:54:55Z","tags":["listening","info"],"pid":11,"message":"Server running at http://0.0.0.0:5601"}
kibana_1 | ***@***.*** ***@***.***","info"],"pid":11,"state":"green","message":"Status changed from yellow to green - Kibana index ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:05Z","tags":[],"pid":11,"method":"get","statusCode":200,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","connection":"keep-alive","pragma":"no-cache","cache-control":"no-cache"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2"},"res":{"statusCode":200,"responseTime":70,"contentLength":9},"message":"GET / 200 70ms - 9.0B"}
bro-mapping_1 | % Total % Received % Xferd Average Speed Time Time Time Current
bro-mapping_1 | Dload Upload Total Spent Left Speed
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:06Z","tags":[],"pid":11,"method":"get","statusCode":200,"req":{"url":"/","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET / 200 4ms - 9.0B"}
bro-mapping_1 | 100 364 100 364 0 0 50117 0 --:--:-- --:--:-- --:--:-- 52000
bro-mapping_1 | {
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:07Z","tags":[],"pid":11,"method":"get","statusCode":200,"req":{"url":"/app/kibana","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/"},"res":{"statusCode":200,"responseTime":17,"contentLength":9},"message":"GET /app/kibana 200 17ms - 9.0B"}
elasticsearch-node02_1 | [2016-11-24 18:53:40,076][INFO ][node ] [elasticsearch-node02] version[2.4.1], pid[10], build[c67dc32/2016-09-27T18:57:55Z]
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:07Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/commons.style.css?v=10154","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":304,"responseTime":9,"contentLength":9},"message":"GET /bundles/commons.style.css?v=10154 304 9ms - 9.0B"}
elasticsearch-node02_1 | [2016-11-24 18:53:40,076][INFO ][node ] [elasticsearch-node02] initializing ...
elasticsearch-node02_1 | [2016-11-24 18:53:40,615][INFO ][plugins ] [elasticsearch-node02] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:07Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/kibana.style.css?v=10154","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":304,"responseTime":7,"contentLength":9},"message":"GET /bundles/kibana.style.css?v=10154 304 7ms - 9.0B"}
elasticsearch-node02_1 | [2016-11-24 18:53:40,637][INFO ][env ] [elasticsearch-node02] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/dm-0)]], net usable_space [25.1gb], net total_space [29.8gb], spins? [possibly], types [ext4]
elasticsearch-node02_1 | [2016-11-24 18:53:40,637][INFO ][env ] [elasticsearch-node02] heap size [990.7mb], compressed ordinary object pointers [true]
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:07Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/commons.bundle.js?v=10154","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":304,"responseTime":8,"contentLength":9},"message":"GET /bundles/commons.bundle.js?v=10154 304 8ms - 9.0B"}
elasticsearch-node02_1 | [2016-11-24 18:53:44,430][INFO ][node ] [elasticsearch-node02] initialized
elasticsearch-node02_1 | [2016-11-24 18:53:44,431][INFO ][node ] [elasticsearch-node02] starting ...
elasticsearch-node02_1 | [2016-11-24 18:53:44,575][INFO ][transport ] [elasticsearch-node02] publish_address {172.17.0.5:9300}, bound_addresses {172.17.0.5:9300}
bro-mapping_1 | "name" : "elasticsearch-master",
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:07Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/kibana.bundle.js?v=10154","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /bundles/kibana.bundle.js?v=10154 304 3ms - 9.0B"}
bro-mapping_1 | "cluster_name" : "bro",
bro-mapping_1 | "cluster_uuid" : "UpuV9kudS9K390SPADJ75g",
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:08Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/src/ui/public/images/kibana.svg","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"image/png,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /bundles/src/ui/public/images/kibana.svg 304 2ms - 9.0B"}
bro-mapping_1 | "version" : {
bro-mapping_1 | "number" : "2.4.1",
nginx_1 | 172.17.0.8 - - [24/Nov/2016:18:54:53 +0000] "GET / HTTP/1.1" 200 364 "-" "curl/7.38.0"
elasticsearch-node02_1 | [2016-11-24 18:53:44,580][INFO ][discovery ] [elasticsearch-node02] bro/k-B7bvykSYS1e3BB_01rZA
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:08Z","tags":[],"pid":11,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1480013677113","method":"post","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"application/json;charset=utf-8","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","content-length":"62","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":38,"contentLength":9},"message":"POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1480013677113 200 38ms - 9.0B"}
nginx_1 | 172.17.0.8 - - [24/Nov/2016:18:54:54 +0000] "PUT /_template/fixstrings_bro HTTP/1.1" 200 46 "-" "curl/7.38.0"
elasticsearch-node02_1 | [2016-11-24 18:54:14,584][WARN ][discovery ] [elasticsearch-node02] waited for 30s and no initial state was set by the discovery
elasticsearch-node02_1 | [2016-11-24 18:54:14,593][INFO ][http ] [elasticsearch-node02] publish_address {172.17.0.5:9200}, bound_addresses {172.17.0.5:9200}
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:09Z","tags":[],"pid":11,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/.kibana/index-pattern/_search?fields=","method":"post","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"application/json;charset=utf-8","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","content-length":"39","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":61,"contentLength":9},"message":"POST /elasticsearch/.kibana/index-pattern/_search?fields= 200 61ms - 9.0B"}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:54:55 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-node02_1 | [2016-11-24 18:54:14,593][INFO ][node ] [elasticsearch-node02] started
elasticsearch-node02_1 | [2016-11-24 18:54:31,209][INFO ][cluster.service ] [elasticsearch-node02] detected_master {elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300}, added {{elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300},{elasticsearch-node01}{_B_UE7R0TJeG-Vxih_UtZg}{172.17.0.4}{172.17.0.4:9300},}, reason: zen-disco-receive(from master [{elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300}])
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:09Z","tags":[],"pid":11,"method":"get","statusCode":200,"req":{"url":"/elasticsearch/.kibana/_mapping/*/field/_source?_=1480013677958","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"GET /elasticsearch/.kibana/_mapping/*/field/_source?_=1480013677958 200 16ms - 9.0B"}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:54:55 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
bro-mapping_1 | "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
bro-mapping_1 | "build_timestamp" : "2016-09-27T18:57:55Z",
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:09Z","tags":[],"pid":11,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1480013677113","method":"post","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"application/json;charset=utf-8","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","content-length":"69","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1480013677113 200 16ms - 9.0B"}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:54:55 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 384 "-" "-"
bro-mapping_1 | "build_snapshot" : false,
bro-mapping_1 | "lucene_version" : "5.5.2"
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:10Z","tags":[],"pid":11,"method":"get","statusCode":304,"req":{"url":"/bundles/node_modules/font-awesome/fonts/fontawesome-webfont.woff2","method":"get","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","referer":"http://10.0.0.27:5601/bundles/commons.style.css?v=10154","connection":"keep-alive","if-modified-since":"Fri, 04 Nov 2016 15:24:00 GMT","if-none-match":"\"574ea2698c03ae9477db2ea3baf460ee32f1a7ea\""},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/bundles/commons.style.css?v=10154"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /bundles/node_modules/font-awesome/fonts/fontawesome-webfont.woff2 304 3ms - 9.0B"}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:54:55 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 254 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:02 +0000] "POST /.kibana/config/4.6.3?op_type=create HTTP/1.1" 201 127 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:05 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:05 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:05 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:05 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:07 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:07 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:08 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:08 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:08 +0000] "POST /_mget?timeout=0&ignore_unavailable=true&preference=1480013677113 HTTP/1.1" 200 140 "http://10.0.0.27:5601/app/kibana" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:09 +0000] "POST /.kibana/index-pattern/_search?fields= HTTP/1.1" 200 193 "http://10.0.0.27:5601/app/kibana" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:09 +0000] "GET /.kibana/_mapping/*/field/_source?_=1480013677958 HTTP/1.1" 200 333 "http://10.0.0.27:5601/app/kibana" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:10Z","tags":[],"pid":11,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/bro-*/_field_stats?level=indices","method":"post","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"application/json;charset=utf-8","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","content-length":"162","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":10,"contentLength":9},"message":"POST /elasticsearch/bro-*/_field_stats?level=indices 200 10ms - 9.0B"}
kibana_1 | {"type":"response","@timestamp":"2016-11-24T18:55:10Z","tags":[],"pid":11,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1480013677113","method":"post","headers":{"host":"10.0.0.27:5601","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","content-type":"application/json;charset=utf-8","kbn-version":"4.6.3","referer":"http://10.0.0.27:5601/app/kibana","content-length":"798","connection":"keep-alive"},"remoteAddress":"10.8.0.2","userAgent":"10.8.0.2","referer":"http://10.0.0.27:5601/app/kibana"},"res":{"statusCode":200,"responseTime":13,"contentLength":9},"message":"POST /elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1480013677113 200 13ms - 9.0B"}
bro-mapping_1 | },
bro-mapping_1 | "tagline" : "You Know, for Search"
bro-mapping_1 | }
bro-mapping_1 | Elasticsearch is up - executing command
bro-mapping_1 | % Total % Received % Xferd Average Speed Time Time Time Current
bro-mapping_1 | Dload Upload Total Spent Left Speed
bro-mapping_1 | 100 2438 100 21 100 2417 20 2314 0:00:01 0:00:01 --:--:-- 2315
bro-mapping_1 | {"acknowledged":true}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:09 +0000] "POST /_mget?timeout=0&ignore_unavailable=true&preference=1480013677113 HTTP/1.1" 200 28865 "http://10.0.0.27:5601/app/kibana" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "POST /bro-*/_field_stats?level=indices HTTP/1.1" 200 62 "http://10.0.0.27:5601/app/kibana" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:10 +0000] "POST /_msearch?timeout=0&ignore_unavailable=true&preference=1480013677113 HTTP/1.1" 200 137 "http://10.0.0.27:5601/app/kibana <http://10.0.0.27:5601/app/kibana>" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:13 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:13 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:13 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:13 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:15 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:15 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:15 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:15 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:18 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:18 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:18 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:18 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:20 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:20 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:20 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:20 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:23 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
kibana-config_1 | % Total % Received % Xferd Average Speed Time Time Time Current
elasticsearch-master_1 | [2016-11-24 18:52:46,113][INFO ][node ] [elasticsearch-master] version[2.4.1], pid[11], build[c67dc32/2016-09-27T18:57:55Z]
elasticsearch-master_1 | [2016-11-24 18:52:46,113][INFO ][node ] [elasticsearch-master] initializing ...
elasticsearch-master_1 | [2016-11-24 18:52:46,633][INFO ][plugins ] [elasticsearch-master] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
elasticsearch-master_1 | [2016-11-24 18:52:46,831][INFO ][env ] [elasticsearch-master] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/dm-0)]], net usable_space [25.1gb], net total_space [29.8gb], spins? [possibly], types [ext4]
kibana-config_1 | Dload Upload Total Spent Left Speed
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:23 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:23 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | [2016-11-24 18:52:46,831][INFO ][env ] [elasticsearch-master] heap size [990.7mb], compressed ordinary object pointers [true]
kibana-config_1 | {
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:23 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
elasticsearch-node01_1 | [2016-11-24 18:53:49,494][INFO ][node ] [elasticsearch-node01] version[2.4.1], pid[11], build[c67dc32/2016-09-27T18:57:55Z]
elasticsearch-master_1 | [2016-11-24 18:52:48,726][INFO ][node ] [elasticsearch-master] initialized
kibana-config_1 | "name" : "elasticsearch-master",
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:25 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
kibana-config_1 | "cluster_name" : "bro",
elasticsearch-node01_1 | [2016-11-24 18:53:49,495][INFO ][node ] [elasticsearch-node01] initializing ...
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:25 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
elasticsearch-node01_1 | [2016-11-24 18:53:50,055][INFO ][plugins ] [elasticsearch-node01] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
elasticsearch-master_1 | [2016-11-24 18:52:48,726][INFO ][node ] [elasticsearch-master] starting ...
kibana-config_1 | "cluster_uuid" : "UpuV9kudS9K390SPADJ75g",
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:25 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-node01_1 | [2016-11-24 18:53:50,397][INFO ][env ] [elasticsearch-node01] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/dm-0)]], net usable_space [25.1gb], net total_space [29.8gb], spins? [possibly], types [ext4]
elasticsearch-master_1 | [2016-11-24 18:52:48,888][INFO ][transport ] [elasticsearch-master] publish_address {172.17.0.2:9300}, bound_addresses {172.17.0.2:9300}
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:25 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
kibana-config_1 | "version" : {
kibana-config_1 | "number" : "2.4.1",
elasticsearch-master_1 | [2016-11-24 18:52:48,895][INFO ][discovery ] [elasticsearch-master] bro/rceCZ0J1SauMgZWI-7GXRg
kibana-config_1 | "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
kibana-config_1 | "build_timestamp" : "2016-09-27T18:57:55Z",
kibana-config_1 | "build_snapshot" : false,
elasticsearch-master_1 | [2016-11-24 18:52:51,979][INFO ][cluster.service ] [elasticsearch-master] new_master {elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
elasticsearch-node01_1 | [2016-11-24 18:53:50,401][INFO ][env ] [elasticsearch-node01] heap size [990.7mb], compressed ordinary object pointers [true]
elasticsearch-master_1 | [2016-11-24 18:52:52,007][INFO ][http ] [elasticsearch-master] publish_address {172.17.0.2:9200}, bound_addresses {172.17.0.2:9200}
kibana-config_1 | "lucene_version" : "5.5.2"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:28 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-master_1 | [2016-11-24 18:52:52,008][INFO ][node ] [elasticsearch-master] started
kibana-config_1 | },
kibana-config_1 | "tagline" : "You Know, for Search"
elasticsearch-master_1 | [2016-11-24 18:52:55,080][INFO ][gateway ] [elasticsearch-master] recovered [0] indices into cluster_state
kibana-config_1 | }
100 364 100 364 0 0 8202 0 --:--:-- --:--:-- --:--:-- 8272
elasticsearch-master_1 | [2016-11-24 18:53:22,443][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] creating index, cause [auto(index api)], templates [], shards [5]/[1], mappings []
kibana-config_1 | Elasticsearch is up - executing command
kibana-config_1 | Thu, 24 Nov 2016 18:53:22 GMT | starting dump
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:28 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
elasticsearch-master_1 | [2016-11-24 18:54:19,574][DEBUG][action.admin.indices.mapping.put] [elasticsearch-master] failed to put mappings on indices [[.kibana]], type [visualization]
kibana-config_1 | Thu, 24 Nov 2016 18:53:22 GMT | got 78 objects from source file (offset: 0)
kibana-config_1 | Thu, 24 Nov 2016 18:55:02 GMT | sent 78 objects to destination elasticsearch, wrote 74
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:28 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
kibana-config_1 | Thu, 24 Nov 2016 18:55:02 GMT | got 0 objects from source file (offset: 78)
kibana-config_1 | Thu, 24 Nov 2016 18:55:02 GMT | Total Writes: 74
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:28 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-node01_1 | [2016-11-24 18:53:52,620][INFO ][node ] [elasticsearch-node01] initialized
elasticsearch-node01_1 | [2016-11-24 18:53:52,620][INFO ][node ] [elasticsearch-node01] starting ...
elasticsearch-node01_1 | [2016-11-24 18:53:52,708][INFO ][transport ] [elasticsearch-node01] publish_address {172.17.0.4:9300}, bound_addresses {172.17.0.4:9300}
elasticsearch-node01_1 | [2016-11-24 18:53:52,713][INFO ][discovery ] [elasticsearch-node01] bro/_B_UE7R0TJeG-Vxih_UtZg
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-node01_1 | [2016-11-24 18:54:22,715][WARN ][discovery ] [elasticsearch-node01] waited for 30s and no initial state was set by the discovery
elasticsearch-node01_1 | [2016-11-24 18:54:24,652][INFO ][http ] [elasticsearch-node01] publish_address {172.17.0.4:9200}, bound_addresses {172.17.0.4:9200}
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:30 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-node01_1 | [2016-11-24 18:54:24,652][INFO ][node ] [elasticsearch-node01] started
elasticsearch-node01_1 | [2016-11-24 18:54:31,208][INFO ][cluster.service ] [elasticsearch-node01] detected_master {elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300}, added {{elasticsearch-node02}{k-B7bvykSYS1e3BB_01rZA}{172.17.0.5}{172.17.0.5:9300},{elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300},}, reason: zen-disco-receive(from master [{elasticsearch-master}{rceCZ0J1SauMgZWI-7GXRg}{172.17.0.2}{172.17.0.2:9300}])
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:30 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
kibana-config_1 | Thu, 24 Nov 2016 18:55:02 GMT | dump complete
elasticsearch-master_1 | [2016-11-24 18:54:19,576][DEBUG][action.admin.indices.mapping.put] [elasticsearch-master] failed to put mappings on indices [[.kibana]], type [visualization]
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:30 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:30 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,576][DEBUG][action.index ] [elasticsearch-master] failed to execute [index {[.kibana][visualization][file-mime-type-table], source[{"title":"file mime type table","visState":"{"title":"New Visualization","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"bucket","params":{"field":"ts","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"bucket","params":{"field":"mime_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}","uiStateJSON":"{}","description":"","savedSearchId":"files","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{"filter":[]}"}}]}] on [[.kibana][0]]
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:33 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,576][DEBUG][action.admin.indices.mapping.put] [elasticsearch-master] failed to put mappings on indices [[.kibana]], type [visualization]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:33 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:33 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:33 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,576][DEBUG][action.admin.indices.mapping.put] [elasticsearch-master] failed to put mappings on indices [[.kibana]], type [visualization]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:35 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:35 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:35 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:36 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:38 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,578][DEBUG][action.index ] [elasticsearch-master] failed to execute [index {[.kibana][visualization][unknown-resp-host], source[{"title":"unknown resp host","visState":"{"type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"id_resp_h","size":20,"order":"desc","orderBy":"1"}}],"listeners":{},"title":"unknown resp host"}","uiStateJSON":"{}","description":"","savedSearchId":"undetected-connection","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{"filter":[]}"}}]}] on [[.kibana][0]]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:38 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,576][DEBUG][action.index ] [elasticsearch-master] failed to execute [index {[.kibana][visualization][notice-note], source[{"title":"notice note","visState":"{"aggs":[{"id":"1","params":{},"schema":"metric","type":"count"},{"id":"2","params":{"customInterval":"2h","extended_bounds":{},"field":"ts","interval":"auto","min_doc_count":1},"schema":"segment","type":"date_histogram"},{"id":"3","params":{"field":"note","order":"desc","orderBy":"1","size":5},"schema":"group","type":"terms"}],"listeners":{},"params":{"addLegend":true,"addTimeMarker":false,"addTooltip":true,"defaultYExtents":false,"interpolate":"linear","mode":"stacked","scale":"linear","setYExtents":false,"shareYAxis":true,"smoothLines":true,"times":[],"yAxis":{}},"type":"area","title":"notice note"}","uiStateJSON":"{}","description":"","savedSearchId":"notice","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{"filter":[]}"}}]}] on [[.kibana][0]]
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,577][DEBUG][action.index ] [elasticsearch-master] failed to execute [index {[.kibana][visualization][file-source-count], source[{"title":"file source count","visState":"{"title":"file mime type count","type":"area","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"smoothLines":true,"scale":"linear","interpolate":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"ts","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"group","params":{"field":"source","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}","uiStateJSON":"{}","description":"","savedSearchId":"files","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{"filter":[]}"}}]}] on [[.kibana][0]]
elasticsearch-master_1 | ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:38 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,580][WARN ][rest.suppressed ] path: /.kibana/visualization/notice-note, params: {index=.kibana, id=notice-note, type=visualization}
elasticsearch-master_1 | RemoteTransportException[[elasticsearch-master][172.17.0.2:9300][indices:data/write/index[p]]]; nested: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s];
elasticsearch-master_1 | Caused by: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:38 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:41 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:41 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:41 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:41 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 386 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:43 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:43 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:43 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:43 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:46 +0000] "HEAD / HTTP/1.1" 200 0 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:46 +0000] "GET /_nodes HTTP/1.1" 200 10137 "-" "-"
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:46 +0000] "GET /_cluster/health/.kibana?timeout=5s HTTP/1.1" 200 380 "-" "-"
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
nginx_1 | 172.17.0.7 - - [24/Nov/2016:18:55:46 +0000] "POST /.kibana/config/_search HTTP/1.1" 200 385 "-" "-"
elasticsearch-master_1 | [2016-11-24 18:54:19,580][WARN ][rest.suppressed ] path: /.kibana/visualization/unknown-resp-host, params: {index=.kibana, id=unknown-resp-host, type=visualization}
elasticsearch-master_1 | RemoteTransportException[[elasticsearch-master][172.17.0.2:9300][indices:data/write/index[p]]]; nested: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s];
elasticsearch-master_1 | Caused by: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,581][WARN ][rest.suppressed ] path: /.kibana/visualization/file-mime-type-table, params: {index=.kibana, id=file-mime-type-table, type=visualization}
elasticsearch-master_1 | RemoteTransportException[[elasticsearch-master][172.17.0.2:9300][indices:data/write/index[p]]]; nested: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s];
elasticsearch-master_1 | Caused by: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:19,580][WARN ][rest.suppressed ] path: /.kibana/visualization/file-source-count, params: {index=.kibana, id=file-source-count, type=visualization}
elasticsearch-master_1 | RemoteTransportException[[elasticsearch-master][172.17.0.2:9300][indices:data/write/index[p]]]; nested: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s];
elasticsearch-master_1 | Caused by: ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [visualization]) within 30s]
elasticsearch-master_1 | at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
elasticsearch-master_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
elasticsearch-master_1 | at java.lang.Thread.run(Thread.java:745)
elasticsearch-master_1 | [2016-11-24 18:54:26,502][WARN ][cluster.service ] [elasticsearch-master] cluster state update task [shard-started ([.kibana][3], node[rceCZ0J1SauMgZWI-7GXRg], [P], v[1], s[INITIALIZING], a[id=U2rhY-uwSZivBr9O1fdPDQ], unassigned_info[[reason=INDEX_CREATED], at[2016-11-24T18:53:22.445Z]]), reason [after recovery from store],shard-started ([.kibana][1], node[rceCZ0J1SauMgZWI-7GXRg], [P], v[1], s[INITIALIZING], a[id=cjQih32_QeOJB4iptcVLJQ], unassigned_info[[reason=INDEX_CREATED], at[2016-11-24T18:53:22.445Z]]), reason [after recovery from store],shard-started ([.kibana][2], node[rceCZ0J1SauMgZWI-7GXRg], [P], v[1], s[INITIALIZING], a[id=pnRlEjcsT_WvlQDWjQHD1g], unassigned_info[[reason=INDEX_CREATED], at[2016-11-24T18:53:22.445Z]]), reason [after recovery from store]] took 37s above the warn threshold of 30s
elasticsearch-master_1 | [2016-11-24 18:54:26,504][INFO ][cluster.routing.allocation] [elasticsearch-master] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana][4], [.kibana][4]] ...]).
elasticsearch-master_1 | [2016-11-24 18:54:31,189][INFO ][cluster.service ] [elasticsearch-master] added {{elasticsearch-node02}{k-B7bvykSYS1e3BB_01rZA}{172.17.0.5}{172.17.0.5:9300},{elasticsearch-node01}{_B_UE7R0TJeG-Vxih_UtZg}{172.17.0.4}{172.17.0.4:9300},}, reason: zen-disco-join(join from node[{elasticsearch-node02}{k-B7bvykSYS1e3BB_01rZA}{172.17.0.5}{172.17.0.5:9300}])
elasticsearch-master_1 | [2016-11-24 18:54:34,705][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] create_mapping [visualization]
elasticsearch-master_1 | [2016-11-24 18:54:49,115][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] create_mapping [config]
elasticsearch-master_1 | [2016-11-24 18:54:49,120][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] create_mapping [search]
elasticsearch-master_1 | [2016-11-24 18:54:52,814][INFO ][cluster.routing.allocation] [elasticsearch-master] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana][4]] ...]).
elasticsearch-master_1 | [2016-11-24 18:54:53,250][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] create_mapping [dashboard]
elasticsearch-master_1 | [2016-11-24 18:54:54,538][INFO ][cluster.metadata ] [elasticsearch-master] [.kibana] create_mapping [index-pattern]
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#9 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ALzmMlXS4EuuEJDLzT8SMXfaC7uXaA3iks5rBd3ggaJpZM4K70wP>.
|
The eth1 interface is a monitor interface on the host. I have access from a remote server: nc 10.0.0.27 1969 is open and telnet is working (also tried localhost).
I also tried to send a simulated get request using netcat but the bro container seems to read nothing :( It's like the bro service isn't running:
root@bro-xinetd-elasticsearch:/tmp# ps -aux
Should I run anything extra on the bro container or should it read incoming traffic from netcat? Is the role xinetd-elasticsearch correct? I can't find anything else wrong... Thanks again for your help
I see you removed the DOCKERHOST from your yml… why?
Just started it on carina (rackspace) and everything works fine.
I don't know what your problem is.
What I can tell you is how to do it properly…
Assuming your dockerhost is reachable on 10.0.0.1:
export DOCKERHOST=10.0.0.1:8080
docker-compose pull
docker-compose up
If you want to play with an empty working one, use
172.99.77.37 1969 to send pcap
and
http://172.99.77.37:5601 for kibana
# Compose Bro-debian-elasticsearch cluster
# set DOCKERHOST with export DOCKERHOST=192.168.1.2:8080
#
# VOLUMES
elastic-data-master:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data
elastic-data-node01:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data
elastic-data-node02:
  image: tianon/true
  volumes:
    - /usr/share/elasticsearch/data
# nginx
nginx:
  image: danielguerra/bro-elasticsearch-nginx
  hostname: nginx
  links:
    - "elasticsearch-master:master"
    - "elasticsearch-node01:node01"
    - "elasticsearch-node02:node02"
  ports:
    - "9200:9200"
    - "9300:9300"
# ELASTICSEARCH
elasticsearch-master:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-master --cluster.name=bro --node.name=elasticsearch-master --discovery.zen.ping.multicast.enabled=false --network.host=elasticsearch-master
  hostname: elasticsearch-master
  volumes_from:
    - "elastic-data-master"
elasticsearch-node01:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-node01 --cluster.name=bro --node.name=elasticsearch-node01 --discovery.zen.ping.unicast.hosts=master:9300 --network.host=elasticsearch-node01
  hostname: elasticsearch-node01
  links:
    - "elasticsearch-master:master"
  volumes_from:
    - "elastic-data-node01"
elasticsearch-node02:
  image: danielguerra/alpine-elasticsearch
  command: -Des.network.bind_host=elasticsearch-node02 --cluster.name=bro --node.name=elasticsearch-node02 --discovery.zen.ping.unicast.hosts=master:9300 --network.host=elasticsearch-node02
  hostname: elasticsearch-node02
  links:
    - "elasticsearch-master:master"
  volumes_from:
    - "elastic-data-node02"
# KIBANA
kibana:
  image: kibana:4.6
  hostname: kibana
  ports:
    - "5601:5601"
  links:
    - "nginx:elasticsearch"
# BRO
bro-xinitd-forensic:
  image: danielguerra/bro-debian-elasticsearch
  command: /role/xinetd-forensic $DOCKERHOST
  hostname: bro-xinetd-forensic
  links:
    - "nginx:elasticsearch"
  ports:
    - "1969:1969"
    - "8080:80"
# mapping
bro-mapping:
  image: danielguerra/bro-debian-elasticsearch
  command: /scripts/bro-mapping.sh
  links:
    - "nginx:elasticsearch"
# kibana config
kibana-config:
  image: danielguerra/bro-kibana-config
  links:
    - "elasticsearch-master:elasticsearch"
On 24 Nov 2016, at 20:38, alxbob wrote:
I also tried to send a simulated get request using netcat but the bro container seems to read nothing :(
I only modified the yml and replaced bro-xinitd-forensic with:
# BRO
bro-xinitd:
For live traffic capture and not pcap! Everything else in the config is the same. So I send traffic with
sudo tcpdump -i eth0 -s 0 -w - | nc IP 1969
or
sudo tcpdump -i eth0 -s 0 -w /dev/stdout | nc IP 1969
I want to send live traffic from anywhere to bro and check it in kibana... Is my config wrong? Maybe I figured it out wrong.. Finally I also tried your default docker-compose, but when I tried to send a pcap file to a forensic bro I get this:
nc 10.0.0.27 1969 < mycap.pcap
Yes, your config is wrong. Wrong use of xinetd-forensic. Use my guide.
On 25 Nov 2016, at 14:32, alxbob wrote:
I want to send live traffic from anywhere to bro and check it in kibana... Is my config wrong? Maybe I figured it out wrong..
I used your guide and I can't figure out what I am doing wrong. Can you please provide 2 examples on how to run:
1 xinetd-elasticsearch for live packet capture
I use your docker-compose diff:
# BRO
bro-xinitd:
  image: danielguerra/bro-debian-elasticsearch
  command: /role/xinetd-elasticsearch
  hostname: bro-xinetd
  links:
    - "nginx:elasticsearch"
  ports:
    - "1969:1969"
sudo tcpdump -i eth0 -s 0 -w - | nc IP 1969
xinetd-forensic with your default docker-compose command nc IP 1969 < mycap.pcap (with a captured pcap file)
Thanks again for everything
Use
command: /role/xinetd-elasticsearch ip:port
On 25 Nov 2016, at 15:16, alxbob wrote:
I used your guide and I can't figure out what I am doing wrong. Can you please provide 2 examples on how to run:
1 xinetd-elasticsearch for live packet capture
I use your docker-compose diff:
# BRO
bro-xinitd:
  image: danielguerra/bro-debian-elasticsearch
  command: /role/xinetd-elasticsearch
  hostname: bro-xinetd
  links:
    - "nginx:elasticsearch"
  ports:
    - "1969:1969"
sudo tcpdump -i eth0 -s 0 -w - | nc IP 1969
xinetd-forensic with your default docker-compose command nc IP 1969 < mycap.pcap (with a captured pcap file)
Thanks again for everything
:( still nothing
I can't help you.
Did you try the host on the internet?
… On 25 Nov 2016, at 15:56, alxbob ***@***.***> wrote:
:( still nothing
No, I tried it on CentOS 7 and on Debian Jessie, still nothing. Any OS suggestion? Thanks again for your help
Maybe the problem is networking after all, from the container I see with tcpdump only:
172.17.0.1.59424 > bro-xinetd.bro: Flags [.], cksum 0x584d (incorrect -> 0x50fc), seq 1, ack 1, win 229, options [nop,nop,TS val 34317 ecr 34317], length 0
Aha, use the role xinetd-forensic-crc instead of xinetd-forensic.
This role will use bro -C to avoid crc checks.
But if you want to dump a container properly … do this
docker run --rm --net=container:<container-to-dump> crccheck/tcpdump -i eth0 -w - | nc <bro-xinetd-ip> 1969
… On 25 Nov 2016, at 22:56, alxbob ***@***.***> wrote:
Maybe the problem is networking after all, from the container I see with tcpdump only:
172.17.0.1.59424 > bro-xinetd.bro: Flags [.], cksum 0x584d (incorrect -> 0x50fc), seq 1, ack 1, win 229, options [nop,nop,TS val 34317 ecr 34317], length 0
21:55:56.366651 IP (tos 0x0, ttl 64, id 40952, offset 0, flags [DF], proto TCP (6), length 52)
bro-xinetd.bro > 172.17.0.1.59424: Flags [F.], cksum 0x584d (incorrect -> 0x50fa), seq 1, ack 1, win 227, options [nop,nop,TS val 34320 ecr 34317], length 0
21:55:56.366790 IP (tos 0x0, ttl 64, id 19101, offset 0, flags [DF], proto TCP (6), length 52)
172.17.0.1.59424 > bro-xinetd.bro: Flags [F.], cksum 0x584d (incorrect -> 0x50f4), seq 1, ack 2, win 229, options [nop,nop,TS val 34320 ecr 34320], length 0
21:55:56.366804 IP (tos 0x0, ttl 64, id 40953, offset 0, flags [DF], proto TCP (6), length 52)
bro-xinetd.bro > 172.17.0.1.59424: Flags [.], cksum 0x584d (incorrect -> 0x50f6), seq 2, ack 2, win 227, options [nop,nop,TS val 34320 ecr 34320], length 0
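The "incorrect" checksum verdicts in the capture above are the symptom that decides between the xinetd-forensic and xinetd-forensic-crc roles, and they can be checked before changing anything. The following is an added example, not code from this repository or its author: it parses tcpdump -vv detail lines in the format quoted in this thread, counts segments whose checksum tcpdump flags as incorrect, and maps the result to the fix the thread arrives at (bro -C). The sample lines are constructed from the thread's own output plus one correct-checksum line so both outcomes are exercised; the function and field names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the tcpdump -vv format quoted in this thread: the two
# checksum-failing segments from the container capture plus one segment with a
# correct checksum, so both outcomes are exercised.
SAMPLE_CAPTURE = """\
21:55:56.366651 IP (tos 0x0, ttl 64, id 40952, offset 0, flags [DF], proto TCP (6), length 52)
    bro-xinetd.bro > 172.17.0.1.59424: Flags [F.], cksum 0x584d (incorrect -> 0x50fa), seq 1, ack 1, win 227, options [nop,nop,TS val 34320 ecr 34317], length 0
21:55:56.366790 IP (tos 0x0, ttl 64, id 19101, offset 0, flags [DF], proto TCP (6), length 52)
    172.17.0.1.59424 > bro-xinetd.bro: Flags [F.], cksum 0x584d (incorrect -> 0x50f4), seq 1, ack 2, win 229, options [nop,nop,TS val 34320 ecr 34320], length 0
21:55:57.100000 IP (tos 0x0, ttl 64, id 19102, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.0.5.40000 > bro-xinetd.bro: Flags [.], cksum 0x1a2b (correct), seq 2, ack 2, win 229, options [nop,nop,TS val 34400 ecr 34320], length 0
"""


@dataclass
class Segment:
    src: str
    dst: str
    checksum_ok: bool


# Matches the per-packet detail line ("src > dst: Flags [...], cksum 0x.... (status), ...").
# The preceding header line (timestamp, IP options) carries no checksum verdict and is skipped.
_SEGMENT_RE = re.compile(
    r"^\s*(?P<src>\S+) > (?P<dst>\S+): .*?cksum 0x[0-9a-f]+ "
    r"\((?P<status>correct|incorrect -> 0x[0-9a-f]+)\)"
)


def parse_tcpdump(text: str) -> List[Segment]:
    """Extract one Segment per detail line that carries a checksum verdict."""
    segments = []
    for line in text.splitlines():
        m = _SEGMENT_RE.match(line)
        if m:
            segments.append(Segment(m["src"], m["dst"], m["status"] == "correct"))
    return segments


def summarize(segments: List[Segment]) -> Dict[str, object]:
    """Count bad checksums and decide whether checksum offload is the likely cause.

    A capture taken on a host, VM or Docker bridge where the NIC (or virtual
    device) fills in the checksum after the capture point shows 'incorrect'
    for locally generated segments. Bro verifies checksums by default and does
    not analyse such packets, which is why nothing reaches Elasticsearch.
    """
    bad = [s for s in segments if not s.checksum_ok]
    return {
        "total": len(segments),
        "bad": len(bad),
        "bad_sources": sorted({s.src for s in bad}),
        "offload_suspected": bool(bad),
    }


def recommendation(summary: Dict[str, object]) -> str:
    """Map the verdict to the fix discussed in this thread (bro -C via the *-crc role)."""
    if summary["offload_suspected"]:
        return ("checksum offload suspected: run Bro with -C (the xinetd-forensic-crc role) "
                "or disable offload on the capture interface with ethtool")
    return "checksums verify; checksum offload is not the reason logs are missing"


if __name__ == "__main__":
    s = summarize(parse_tcpdump(SAMPLE_CAPTURE))
    print(s)
    print(recommendation(s))
```

Feed it the output of tcpdump -vv -i eth0 (or the container-scoped tcpdump from the comment above) instead of the constructed sample; if every locally generated segment comes back "incorrect", the missing logs are a checksum problem and not a Kibana or Elasticsearch one.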
For reference, the problem exists with Docker and KVM machines with networking; there is a bug of some sort with offloading, and ethtool offloading doesn't change anything.
Try https://app.getcarina.com/app/signup
You can get an account on a proper docker environment for free
… On 28 Nov 2016, at 16:08, alxbob ***@***.***> wrote:
For reference, the problem exists with Docker and KVM machines with networking; there is a bug of some sort with offloading, and ethtool offloading doesn't change anything.