Pulling logs from Elastic search #138

Open
DayNja opened this issue Jan 30, 2024 · 1 comment

DayNja commented Jan 30, 2024

Good day, hope you all are doing well.

I'm having a little bit of trouble pulling logs from my standalone Elastic instance.

The command I ran is as follows:

    python3 logontracer.py --es --es-server https://192.168.1.2:9200 --es-cafile /home/ubuntu/elasticsearch-ca.pem --es-user elastic --es-pass Aabc98765! -z +4 -f 2023-06-15T08:00:00 -t 2023-06-16T08:00:30

And I get this error:

    Traceback (most recent call last):
      File "logontracer.py", line 2880, in <module>
        main()
      File "logontracer.py", line 2874, in main
        parse_es(case)
      File "logontracer.py", line 2321, in parse_es
        context = create_default_context(cafile=FPATH + ES_CAFILE)
      File "/usr/lib/python3.8/ssl.py", line 745, in create_default_context
        context.load_verify_locations(cafile, capath, cadata)
    FileNotFoundError: [Errno 2] No such file or directory

SiteQ8 commented Jan 30, 2024

It looks like the error is indicating that the file specified in the --es-cafile option (/home/ubuntu/elasticsearch-ca.pem) is not found. The FileNotFoundError: [Errno 2] No such file or directory suggests that the specified CA file cannot be located at the given path.

Here are a few steps to troubleshoot this issue:

  1. Verify File Path:
    Double-check that the file /home/ubuntu/elasticsearch-ca.pem exists at the specified location. You can use the ls command in the terminal to list the files in the /home/ubuntu/ directory:

    ls /home/ubuntu/

    Ensure that elasticsearch-ca.pem is present.

  2. Permissions:
    Ensure that the user running the Python script has the necessary permissions to access the file. You can use the ls -l command to check the file permissions:

    ls -l /home/ubuntu/elasticsearch-ca.pem

    Make sure the file is readable by the user running the script.

  3. Correct File Path in Script:
    Confirm that the script itself is referencing the correct file path. Open the logontracer.py script and locate the line where the create_default_context function is called with cafile=FPATH + ES_CAFILE. Ensure that FPATH is defined correctly and that the concatenation with ES_CAFILE results in the correct file path.

  4. Use Absolute Path:
    Instead of relying on the current working directory, provide the full absolute path to the CA file in the command. For example:

    python3 logontracer.py --es --es-server https://192.168.1.2:9200 --es-cafile /home/ubuntu/elasticsearch-ca.pem --es-user elastic --es-pass Aabc98765! -z +4 -f 2023-06-15T08:00:00 -t 2023-06-16T08:00:30

    This ensures that there is no ambiguity about the file path.

After performing these checks, you should be able to determine if the issue is related to the file's presence, permissions, or how it's referenced in the script.
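
The traceback in this issue shows the CA path being built as `FPATH + ES_CAFILE`. The following is an added example, not LogonTracer's code and not part of either comment: it assumes `FPATH` is a base directory (the page does not show its value) and compares plain concatenation with a resolver that accepts both absolute and relative `--es-cafile` values and reports the path it tried before the TLS context is built. The function names and the `tool` directory are hypothetical.

```python
import os
import ssl
import tempfile


def naive_concat(base_dir, cafile):
    # The pattern visible in the traceback: plain string concatenation.
    return base_dir + cafile


def resolve_cafile(base_dir, cafile):
    """Return a readable CA file path, or raise naming the path that was tried."""
    # os.path.join drops base_dir when cafile is absolute, so both forms work.
    candidate = os.path.normpath(os.path.join(base_dir, os.path.expanduser(cafile)))
    if not os.path.isfile(candidate):
        raise FileNotFoundError(f"CA file not found, tried: {candidate}")
    if not os.access(candidate, os.R_OK):
        raise PermissionError(f"CA file not readable: {candidate}")
    return candidate


def es_ssl_context(base_dir, cafile):
    # Certificate verification stays on; only the trust anchor is customised.
    return ssl.create_default_context(cafile=resolve_cafile(base_dir, cafile))


def demo():
    # Constructed layout: a script directory plus a CA file outside it.
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "tool")          # hypothetical stand-in for FPATH
        os.makedirs(base)
        ca = os.path.join(tmp, "elasticsearch-ca.pem")
        open(ca, "w").close()                     # empty placeholder, not a real cert
        return {
            "naive_exists": os.path.isfile(naive_concat(base, ca)),
            "resolved_ok": resolve_cafile(base, ca) == ca,
        }


if __name__ == "__main__":
    print(demo())
```

`es_ssl_context` needs a real PEM certificate at the resolved path; the demo only exercises path resolution.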
