geoloc fatal error

Michael Perry

Oct 7, 2014, 4:50:19 PM
to modern-hon...@googlegroups.com
After a standard setup I get this:

root@mhn-server:~# supervisorctl status
geoloc                           FATAL      Exited too quickly (process log may have details)
honeymap                         RUNNING    pid 29356, uptime 1:37:33
hpfeeds-broker                   RUNNING    pid 29347, uptime 1:37:33
mnemosyne                        RUNNING    pid 29339, uptime 1:37:33


The geoloc.err file at /var/log gives me this:

 -> errormessage from server: accessfail.
Parsing config file: /opt/hpfeeds/geoloc.json
connected to @hp2
 -> errormessage from server: accessfail.
Parsing config file: /opt/hpfeeds/geoloc.json
Traceback (most recent call last):
  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/hpfeeds.py", line 137, in connect
    self.s.connect((addr, self.port))
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 111] Connection refused
connected to @hp2
 -> errormessage from server: accessfail.
Parsing config file: /opt/hpfeeds/geoloc.json
connected to @hp2
 -> errormessage from server: accessfail.
Parsing config file: /opt/hpfeeds/geoloc.json
connected to @hp2

I have reviewed the troubleshooting guide, but I can’t resolve the issue.

Can you point me in the right direction?


Michael Perry
Our OS who art in CPU, UNIX be thy name.
Thy programs run, thy syscalls done,
In kernel as it is in user.

Jason Trost

Oct 7, 2014, 5:25:37 PM
to Michael Perry, modern-hon...@googlegroups.com
Access fail means that your hpfeeds setup is not right.  Can you check your geoloc config?  Look at the "secret" field.  Now open mongodb and do this:

root@mhn:/opt/hpfeeds# mongo hpfeeds
MongoDB shell version: 2.6.2
connecting to: hpfeeds
> db.auth_key.find( {"identifier": "geoloc"} )

Look at the "secret" field in the JSON document returned.  Does the secret field from the config match?  If they do match, check to make sure the publish and subscribe lists match as well.

I hope this helps.

--Jason


--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-net...@googlegroups.com.
To post to this group, send email to modern-hon...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/4E706639-399D-444E-A3F5-2E269A74AC97%40comcast.net.
For more options, visit https://groups.google.com/d/optout.



--
Jason Trost | Director of ThreatStream Labs | www.threatstream.com 
Phone:  386.235.0078 | Twitter:  @jason_trost 

Jason Trost

Oct 8, 2014, 2:25:49 PM
to Michael Perry, modern-hon...@googlegroups.com
I just replied to someone else with a similar issue and I think this should fix it:

I think you found a bug and I fixed it in the deploy script (https://github.com/threatstream/mhn/commit/81dccd55591cd71f9b8a0f251ac9f601b5f7faee).  Can you check this out: https://gist.github.com/jt6211/68464a4d8c66db1807fa

There is a mismatch between the hpfeeds auth_key entry for "geoloc" and the "geoloc" config.  You can either re-install or run 3 mongo DB commands:

> db.auth_key.update( { "identifier": "geoloc" }, {"$push": {"subscribe": "wordpot.events"}} )
> db.auth_key.update( { "identifier": "geoloc" }, {"$push": {"subscribe": "shockpot.events"}} )
> db.auth_key.update( { "identifier": "geoloc" }, {"$push": {"subscribe": "p0f.events"}} )

The geoloc service should start after this.  You may need to run "sudo supervisorctl restart geoloc" though.

Did this fix your issue?

--Jason
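
The check described in the two replies above (same secret, matching publish and subscribe lists), as an added example that is not part of the thread or of MHN's own code. The geoloc.json key names (IDENT, SECRET, CHANNELS, GEOLOC_CHAN) and all sample values are assumptions constructed for illustration; the auth_key field names are the ones shown in the thread.

```python
import hmac
import json

# Constructed sample config. The geoloc.json key names used here
# (IDENT, SECRET, CHANNELS, GEOLOC_CHAN) are assumptions; adjust to your file.
GEOLOC_CONFIG = {
    "IDENT": "geoloc", "SECRET": "example-secret-not-real",
    "CHANNELS": ["kippo.alerts", "wordpot.events",
                 "shockpot.events", "p0f.events"],
    "GEOLOC_CHAN": "geoloc.events",
}
# Constructed auth_key document, shaped like the output of the mongo query.
AUTH_KEY_DOC = {
    "identifier": "geoloc", "secret": "example-secret-not-real",
    "publish": ["geoloc.events"], "subscribe": ["kippo.alerts"],
}


def audit(config, auth_doc):
    """Return (field, detail) findings; secret values are never included."""
    findings = []
    if config.get("IDENT") != auth_doc.get("identifier"):
        findings.append(("identifier", "config IDENT differs from auth_key"))
    same = hmac.compare_digest(str(config.get("SECRET", "")).encode(),
                               str(auth_doc.get("secret", "")).encode())
    if not same:
        findings.append(("secret", "config SECRET differs from auth_key"))
    allowed_sub = set(auth_doc.get("subscribe", []))
    for chan in config.get("CHANNELS", []):
        if chan not in allowed_sub:  # requested by client, absent in auth_key
            findings.append(("subscribe", chan))
    pub = config.get("GEOLOC_CHAN")
    if pub and pub not in auth_doc.get("publish", []):
        findings.append(("publish", pub))
    return findings


def mongo_fixes(ident, findings):
    """Build mongo shell updates for missing channels, in the thread's form."""
    who = json.dumps({"identifier": ident})
    return ["db.auth_key.update(%s, %s)" % (who, json.dumps({"$push": {f: c}}))
            for f, c in findings if f in ("subscribe", "publish")]


if __name__ == "__main__":
    found = audit(GEOLOC_CONFIG, AUTH_KEY_DOC)
    print("\n".join(mongo_fixes("geoloc", found)))
```

Feed it the parsed /opt/hpfeeds/geoloc.json and the document printed by the mongo query; a secret mismatch is reported without echoing either value.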

crybab...@gmail.com

Dec 2, 2014, 3:58:22 PM
to modern-hon...@googlegroups.com, ast...@comcast.net
I know this is an old thread but I was having the same issue and this fixed my problem, thanks Jason!

nuixc...@gmail.com

Feb 5, 2015, 10:12:20 PM
to modern-hon...@googlegroups.com, ast...@comcast.net, crybab...@gmail.com

First of all I am totally in love with what is being done with MHN!!  What a cool idea!

I've had about 6 hours of sleep in the past two days trying to get the Maps page working, but this post helped me figure it out.  I've rebuilt my server 6 times and gone through all of the geo and hpfeed settings over and over again.  Here is what I finally figured out....each time I built the server the last thing I'd usually do is set the IP address, which would promptly screw over my "secret" authentication for the geo-maps.  Rebuilding one last time (with the IP set beforehand) and it should be good.

Aside from my troubles, this really is a simple install process...you just have to be smarter than your mouse.

Thanks!

nuixc...@gmail.com

Feb 5, 2015, 11:10:23 PM
to modern-hon...@googlegroups.com, ast...@comcast.net, crybab...@gmail.com, nuixc...@gmail.com
OK, I take it back...it's not fixed yet.

I get different "secret" codes in honeymap server config.json than I have in geoloc.json and in the database.  I'm not sure which one is right, except that the honeymap logs look like it connected successfully.

Any ideas?  I think I might need to try to figure out how to make a change in the database, but I've never done such a thing.

nuixc...@gmail.com

Feb 6, 2015, 12:12:07 AM
to modern-hon...@googlegroups.com

Prior to doing the final server install step ./install-server.sh (or whatever it's named) I checked the logs for honeymap and geoloc and they both appeared to be connected and clean.

After configuring the server settings (during the final install steps) and finalizing the installation all of the (supervisorctl) processes are running.
The logs for honeymap and hpfeeds-broker are happy (connecting and look clean) but geoloc is failing to connect.

I'm running xUbuntu 12.04.04.

Any tips or ideas would be greatly appreciated. I'm out of ideas for now.

Thanks,
Jaime

Jason Trost

Feb 6, 2015, 8:50:35 AM
to nuixc...@gmail.com, modern-hon...@googlegroups.com
Jaime,

Can you send me the following:

1. output of:
sudo supervisorctl status

2. output of:
mongo hpfeeds -eval "db.auth_key.find({identifier: 'geoloc'}).forEach(function(r){print(JSON.stringify(r));})"

3. contents of: /var/log/geoloc.*

4. contents of: /opt/hpfeeds/geoloc.json

Sat Booth

Nov 2, 2015, 1:50:26 AM
to Modern Honey Network, ast...@comcast.net
I know this is an old thread but I was having the same issue. I checked the geoloc config and mongo hpfeeds. They have the same secret and publish/subscribe lists.

Any solution to fix this?

Thanks, 

Jason Trost

Nov 2, 2015, 9:06:12 AM
to Sat Booth, Modern Honey Network, Michael Perry
Can you send your stack trace along with the following info?

cd /opt/mhn
git log | git log | head -n4

cd /opt/hpfeeds
git log | git log | head -n4

contents of: /var/log/geoloc.* OR contents of: /var/log/mhn/geoloc.*


--
Jason Trost | VP of Threat Research | www.threatstream.com
2317 Broadway, 3rd Floor| Redwood City, CA 94063
Phone:  386.235.0078 | Twitter:  @jason_trost

Sat Booth

Nov 8, 2015, 11:31:35 PM
to Modern Honey Network, jdt...@gmail.com, ast...@comcast.net
Before this I had an issue with the geoloc config and mongo hpfeeds: they didn't match in the subscribe channels, because the Mongo hpfeeds channels have kippo.alerts but it was missing in the geoloc config. So I tried a new way: I edited install_honeymap.sh to insert kippo.alerts in the geoloc.json config phase and reinstalled MHN from the first step. Now the geoloc config and mongo hpfeeds match; however, I still have the same issue.

----------------------------------------------------------------------------------------------------------------------------------
root@Ubun:/opt/mhn# git log | git log | head -n4
commit f38f310caa3ce6ce86c48c39268fa1fb2be512e1
Merge: 36f0b8f 53a7e90
Author: Jason Trost <jason...@gmail.com>
Date:   Fri Oct 2 12:17:39 2015 -0400

root@Ubun:/opt/mhn# cd /opt/hpfeeds
root@Ubun:/opt/hpfeeds# git log | git log | head -n4
commit 6153b7d70eeba3e26ccf4c70953be0654764e3d3
Author: Jason Trost <jason...@gmail.com>
Date:   Tue Sep 22 13:00:18 2015 -0400
----------------------------------------------------------------------------------------------------------------------------------

geoloc.err

  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/hpfeeds.py", line 137, in connect
    self.s.connect((addr, self.port))
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 111] Connection refused

 ----------------------------------------------------------------------------------------------------------------------------------

Jason Trost

Nov 9, 2015, 8:46:46 AM
to Sat Booth, Modern Honey Network, Michael Perry
Connection refused likely means your mhn broker is either not running,
or a firewall is blocking connections to it, or the IP/hostname in
your geoloc script is wrong. Could one of these be true?