Messages

Seems to be more of an Elasticsearch problem than SENSEI...

There seems to be an issue with the elasticsearch or the combination... I was using ES 6.8.14, updated to 7.11.1 and now at least some indices are created. but I still get the error and no data get feed into...

dear opnsense community

sensei somehow can't communicate with my elasticsearch db. I noticed this when I click on the dashboard it says "An error occured while report is beeing loaded!" - According forum entries I rebooted several times, waited longer but sensei isn't writing anything to elasticsearch, as no index is beeing created.

I tested elasticsearch via "http://192.168.1.18:9200/newindex" which did create a new index. I can ping and reach the elasticsearch server with curl..

/usr/local/sensei/log/active/ipdr_streamer.log

Code Select Expand

Elasticsearch insert
Staring ES....True
Endpoint: tls_write
Inserting in 0.01 seconds.
Inserting in 0.01 seconds.
Inserting in 0.01 seconds.
IPDRSTREAM STOP:  FileNotFoundError(2, 'No such file or directory')
----2021-03-18T09:04:11.452253 waiting data...
sending bulk: /usr/local/sensei/output/active/temp/0_conn_29.ipdr.ready
sending bulk: /usr/local/sensei/output/active/temp/0_dns_32.ipdr.ready
File: /usr/local/sensei/output/active/temp/0_dns_32.ipdr.ready Size: 2494
File: /usr/local/sensei/output/active/temp/0_conn_29.ipdr.ready Size: 9376
Elasticsearch insert

I did uninstall sensei completely and reinstalled it, reinstalled suricata, as said rebooted several times...

Any ideas what else I could try?

Thanks a lot in advance
Dave