SysmonSearch

Kibana will not start with the plugin installed.

Open MrrWhoo opened this issue 5 years ago • 3 comments

Hello,

Kibana fails to start with the plugin installed. Kibana 7.6.0; I'm utilizing an existing build of ELK.

Thx

MrrWhoo, May 18 '20 00:05

Hello MrrWhoo,

Could you please provide more information about:

  • What is the Kibana error message?
  • Did you check the following setup guides?
    • https://github.com/JPCERTCC/SysmonSearch/wiki/Install#Kibana-Server-Setup
    • https://github.com/JPCERTCC/SysmonSearch/wiki/Install-the-React-version

Please don't hesitate to contact us if you have any questions.

S03D4-164, May 18 '20 01:05

I can confirm this behavior.

Steps to reproduce the issue:

git clone
cd docker
docker-compose up

After pulling down the images and Elastic startup, Kibana detects the plugin and tries to compile, but fails during optimization and produces the following fatal:

...
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","canvas"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","metrics"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","usageCollection"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","code"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","encryptedSavedObjects"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","infra"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","licensing"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","siem"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | {"type":"log","@timestamp":"2020-07-15T17:50:08Z","tags":["info","plugins","taskManager"],"pid":6,"message":"Stopping plugin"}
docker-sysmonsearch-kibana | 
docker-sysmonsearch-kibana |  FATAL  Error: Optimizations failure.
docker-sysmonsearch-kibana |    9331 modules
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/assign' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/difference' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/differenceWith' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/each' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/fp/defaultsDeep' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/intersection' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/isEqual' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/keys' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'
docker-sysmonsearch-kibana |     
docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js
docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/omit' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'

de-npolkowske, Jul 15 '20 17:07

Please execute setup.sh in the docker directory. It will install the dependent node modules.

Please refer to the following wiki: https://github.com/JPCERTCC/SysmonSearch/wiki/Setup-with-Docker#how-to-set-up

S03D4-164, Jul 15 '20 22:07
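
An added example, not part of the thread or of the SysmonSearch project: a small Node.js script that reduces optimizer output like the log above to the npm packages that could not be resolved, so it is clear which dependencies the plugin directory is missing. The function names `packageName` and `missingModules` are hypothetical, and the sample log is constructed from lines of the shape shown in the report.

```javascript
// Added example. SAMPLE_LOG is constructed from lines of the shape shown in the report.
const SAMPLE_LOG = [
  'docker-sysmonsearch-kibana |  FATAL  Error: Optimizations failure.',
  'docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-visjs-timeline.js',
  "docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/assign' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'",
  'docker-sysmonsearch-kibana |     ',
  'docker-sysmonsearch-kibana |     ERROR in ./plugins/sysmon_search_r/public/components/main/react-graph-vis.js',
  "docker-sysmonsearch-kibana |     Module not found: Error: Can't resolve 'lodash/fp/defaultsDeep' in '/usr/share/kibana/plugins/sysmon_search_r/public/components/main'",
].join('\n');

// Reduce a module request to the npm package that has to be installed:
// 'lodash/fp/defaultsDeep' -> 'lodash', '@scope/pkg/sub' -> '@scope/pkg'.
// Relative and absolute requests are files, not packages, and yield null.
function packageName(request) {
  if (request.startsWith('.') || request.startsWith('/')) return null;
  const parts = request.split('/');
  return request.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Group unresolved requests by package, remembering which source file asked for them.
function missingModules(logText) {
  const found = new Map();
  let currentFile = null;
  for (const raw of logText.split(/\r?\n/)) {
    // Drop the "container-name | " prefix that docker-compose adds to each line.
    const line = raw.replace(/^[\w.-]+\s*\|\s?/, '').trim();
    const err = /^ERROR in (\S+)/.exec(line);
    if (err) { currentFile = err[1]; continue; }
    const miss = /^Module not found: Error: Can't resolve '([^']+)' in '([^']+)'/.exec(line);
    if (!miss) continue;
    const pkg = packageName(miss[1]);
    if (pkg === null) continue;
    if (!found.has(pkg)) found.set(pkg, { requests: new Set(), files: new Set() });
    found.get(pkg).requests.add(miss[1]);
    if (currentFile) found.get(pkg).files.add(currentFile);
  }
  const summary = {};
  for (const pkg of [...found.keys()].sort()) {
    const v = found.get(pkg);
    summary[pkg] = { requests: [...v.requests].sort(), files: [...v.files].sort() };
  }
  return summary;
}

console.log(JSON.stringify(missingModules(SAMPLE_LOG), null, 2));
```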