opencti icon indicating copy to clipboard operation
opencti copied to clipboard
verified publisher icon OpenCTI-Platform

Countless admin sessions

Open misohouse opened this issue 1 year ago • 7 comments

OpenCTI version: 5.12.31

The picture below shows a partial view of the sessions. (there are so many sessions created that it's impossible to scroll down by manually turning the middle mouse button) 1111

I've set a session timeout of 30 minutes in docker-compose, but I'm wondering why there are so many sessions under the admin account 3333

I don't know why there are so many admin sessions created when I'm not doing anything specific as admin.

And I'm attaching a list of the connectors I'm currently connected to. (The connectors marked in red in the # part are commented out in docker-compose due to performance degradation) 2222

misohouse avatar Feb 16 '24 00:02 misohouse

Are you running the connectors using the admin token?

ckane avatar Feb 16 '24 04:02 ckane

@ckane Yes, As written in the docker-compose examples, I set the token for all connectors to admin's token. (https://github.com/OpenCTI-Platform/docker/blob/master/docker-compose.yml)

But I don't know why there are so many sessions being created when there are not that many connectors (when I look at the opencti container logs, sessions are constantly being created)

misohouse avatar Feb 16 '24 05:02 misohouse

I advise you to give each connector a specific user account. It will allow to better track modification of the knowledge base by connectors, and also controlling their impact via max confidence level. @sbocahu are you able to give clues about this excessive amount of sessions?

Jipegien avatar Feb 16 '24 08:02 Jipegien

@ckane Yes I was. However, the same thing happens even though I assigned a new token for each connector.

misohouse avatar Feb 19 '24 00:02 misohouse

It seems that the same happens for us internally (though I don't know the setup that we have @Kedae ). Image is also cropped (list too big). image

nino-filigran avatar Feb 20 '24 13:02 nino-filigran

Hi @misohouse

Can you check with which user are configured your connectors ? For information, workers ping the platform regularly for health check with admin user, so it's pretty normal to have (NbWorkers X NbConnectors) sessions opened. If somes connectors uses the admin user, it also adds sessions.

Kedae avatar Feb 26 '24 13:02 Kedae

@Kedae The list of connectors currently working in my OpenCTI is shown below, all of which are using admin_token. 11

There are a total of 3 workers running, with a total of 151 sessions currently open, and the session timeout is 30 minutes.

I'm not sure if this is normal or not, as I don't quite understand what you mean by "Nb" in your description.

I would appreciate it if you could answer that.

misohouse avatar Feb 28 '24 23:02 misohouse

Hi @misohouse

From your answer I don't think there is an issue here. Each connector, on each worker opens a few session (because you use admin_token) so I don't find your number of session delusional especially if there are correctly maintained alived.

Kedae avatar Mar 11 '24 12:03 Kedae