Description
Request Type
Bug
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 8.9 |
| TheHive version / git hash | 2.13.1 |
| Package Type | DEB |
Problem Description
I installed Cortex and TheHive and MISP with misp-modules.
I enabled misp-modules support in Cortex.
When I try to do an IP analysis for any ip, with the (MISP-) module geoip-country it loops permanently and floods /var/log/cortex/application.log until the system storage is full.
If I instead start the analysis with Cortex, it fails, but is not restarted and therefore the loop and log-flood does not appear.
I really wonder that no other people are faced with this issue!? Seems that nobody else tried this ;)
best regards
Chris
Here an excerpt of the logs:
2017-09-26 13:39:51,797 [INFO] from application in application-akka.actor.default-dispatcher-6 - GET /api/job/vfBAOTyCWEIYxZBY/waitreport?atMost=1%20minute returned 500 com.fasterxml.jackson.core.JsonParseException: Unexpected character ('-' (code 45)): Expected space separating root-level values at [Source: 2017-09-26 13:39:51,608 - geoip_country - DEBUG - 10.1.137.180 {"error": "GeoIP resolving error"} ; line: 1, column: 6] at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:450) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportMissingRootWS(ParserMinimalBase.java:466) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._verifyRootSpace(ReaderBasedJsonParser.java:1598) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._parsePosNumber(ReaderBasedJsonParser.java:1248) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:705) at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3765) at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2050) at play.api.libs.json.jackson.JacksonJson$.parseJsValue(JacksonJson.scala:238) at play.api.libs.json.Json$.parse(Json.scala:21) at services.MispSrv$$anonfun$analyze$1.apply(MispSrv.scala:156) at services.MispSrv$$anonfun$analyze$1.apply(MispSrv.scala:154) at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39) at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:409) at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) 2017-09-26 13:39:51,810 [INFO] from application in application-akka.actor.default-dispatcher-8 - GET /api/job/vfBAOTyCWEIYxZBY/waitreport?atMost=1%20minute returned 500 com.fasterxml.jackson.core.JsonParseException: Unexpected character ('-' (code 45)): Expected space separating root-level values at [Source: 2017-09-26 13:39:51,608 - geoip_country - DEBUG - 10.1.137.180 {"error": "GeoIP resolving error"} ; line: 1, column: 6] at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1586) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:521) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:450) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportMissingRootWS(ParserMinimalBase.java:466) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._verifyRootSpace(ReaderBasedJsonParser.java:1598) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._parsePosNumber(ReaderBasedJsonParser.java:1248) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:705) at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3847) at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3765) at com.fasterxml.jackson.da