
Could not download and upgrade Moloch. Please check your network connection or that Elasticsearch is up and running.

Open shushu1234 opened this issue 5 years ago • 10 comments

When I execute the selks-upgrade_stamus command, I get the following error: [image]

Thanks!

shushu1234 avatar Dec 14 '20 08:12 shushu1234

Most likely this is due to URL link download change - cooking a fix...

pevma avatar Dec 14 '20 09:12 pevma

I would like to ask: when will you update the version?

shushu1234 avatar Dec 14 '20 09:12 shushu1234

You can try again - it should be good now.

pevma avatar Dec 15 '20 06:12 pevma

[image] I have tried again, but still the same error.

shushu1234 avatar Dec 15 '20 08:12 shushu1234

Can you please paste the output of selks-health-check_stamus?

pevma avatar Dec 15 '20 09:12 pevma

[image]

root@SELKS:/home/selks-user# selks-health-check_stamus
● suricata.service - LSB: Next Generation IDS/IPS
   Loaded: loaded (/etc/init.d/suricata; generated)
   Active: active (running) since Tue 2020-12-15 19:00:41 CST; 44s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14860 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
    Tasks: 8 (limit: 9500)
   Memory: 305.7M
   CGroup: /system.slice/suricata.service
           └─14867 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v --user=logstash

12月 15 19:00:41 SELKS systemd[1]: Starting LSB: Next Generation IDS/IPS...
12月 15 19:00:41 SELKS suricata[14860]: Starting suricata in IDS (af-packet) mode... done.
12月 15 19:00:41 SELKS systemd[1]: Started LSB: Next Generation IDS/IPS.

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 18:48:01 CST; 13min ago
     Docs: https://www.elastic.co
 Main PID: 14464 (java)
    Tasks: 84 (limit: 9500)
   Memory: 1.3G
   CGroup: /system.slice/elasticsearch.service
           ├─14464 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negat…
           └─14641 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

12月 15 18:47:49 SELKS systemd[1]: elasticsearch.service: Succeeded.
12月 15 18:47:49 SELKS systemd[1]: Stopped Elasticsearch.
12月 15 18:47:49 SELKS systemd[1]: Starting Elasticsearch...
12月 15 18:48:01 SELKS systemd[1]: Started Elasticsearch.

● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 15:29:02 CST; 3h 32min ago
 Main PID: 397 (java)
    Tasks: 35 (limit: 9500)
   Memory: 787.3M
   CGroup: /system.slice/logstash.service
           └─397 /usr/share/logstash/jdk/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+Use…

12月 15 18:47:51 SELKS logstash[397]: [2020-12-15T18:47:51,712][WARN ][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:47:51 SELKS logstash[397]: [2020-12-15T18:47:51,714][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:47:53 SELKS logstash[397]: [2020-12-15T18:47:53,717][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:47:55 SELKS logstash[397]: [2020-12-15T18:47:55,160][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect c…
12月 15 18:47:57 SELKS logstash[397]: [2020-12-15T18:47:57,761][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:47:59 SELKS logstash[397]: [2020-12-15T18:47:59,706][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:48:00 SELKS logstash[397]: [2020-12-15T18:48:00,364][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect c…
12月 15 18:48:01 SELKS logstash[397]: [2020-12-15T18:48:01,942][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
12月 15 18:48:05 SELKS logstash[397]: [2020-12-15T18:48:05,909][WARN ][logstash.outputs.elasticsearch][main] Restored connec…1:9200/"}
12月 15 18:48:06 SELKS logstash[397]: [2020-12-15T18:48:06,047][ERROR][logstash.outputs.elasticsearch][main][2ada9d36290a6a5138e72156…
Hint: Some lines were ellipsized, use -l to show in full.

● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 18:48:01 CST; 13min ago
 Main PID: 14686 (node)
    Tasks: 11 (limit: 9500)
   Memory: 237.5M
   CGroup: /system.slice/kibana.service
           └─14686 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["info","plugins","watcher"],…icense."}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["info","plugins","monitoring…lection"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["error","elasticsearch","dat…n [10])"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["error","elasticsearch","dat…on [1])"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["error","elasticsearch","dat…[4759])"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["error","elasticsearch","dat…n [13])"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["error","elasticsearch","dat…n [10])"}
12月 15 18:48:13 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:13Z","tags":["listening","info"],"pid":14…st:5601"}
12月 15 18:48:14 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:14Z","tags":["info","http","server","Kiba…st:5601"}
12月 15 18:48:15 SELKS kibana[14686]: {"type":"log","@timestamp":"2020-12-15T10:48:15Z","tags":["warning","plugins","reporti…ection."}
Hint: Some lines were ellipsized, use -l to show in full.

● evebox.service - EveBox Server
   Loaded: loaded (/lib/systemd/system/evebox.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 15:29:02 CST; 3h 32min ago
 Main PID: 406 (evebox)
    Tasks: 3 (limit: 9500)
   Memory: 19.0M
   CGroup: /system.slice/evebox.service
           └─406 /usr/bin/evebox server

12月 15 15:29:02 SELKS systemd[1]: Started EveBox Server.
12月 15 15:29:05 SELKS evebox[406]: 2020-12-15 15:29:05 INFO evebox::version: This is EveBox version 0.12.0 (rev: ba9d586…linux-musl
12月 15 15:29:05 SELKS evebox[406]: 2020-12-15 15:29:05 INFO evebox::server::main: Using temporary in-memory configuration database
12月 15 15:29:06 SELKS evebox[406]: 2020-12-15 15:29:06 INFO evebox::sqlite::configrepo: Initializing SQLite database
12月 15 15:29:06 SELKS evebox[406]: 2020-12-15 15:29:06 INFO evebox::sqlite::configrepo: Updating SQLite database to sche… version 1
12月 15 15:29:06 SELKS evebox[406]: 2020-12-15 15:29:06 ERROR evebox::server::main: Failed to get Elasticsearch version, t…error 111)
12月 15 15:29:06 SELKS evebox[406]: 2020-12-15 15:29:06 INFO evebox::server::main: Starting server on 127.0.0.1:5636, tls=false
Hint: Some lines were ellipsized, use -l to show in full.

● molochviewer-selks.service - Moloch Viewer
   Loaded: loaded (/etc/systemd/system/molochviewer-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 19:00:39 CST; 46s ago
 Main PID: 14823 (sh)
    Tasks: 12 (limit: 9500)
   Memory: 39.3M
   CGroup: /system.slice/molochviewer-selks.service
           ├─14823 /bin/sh -c /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini >> /data/moloch/logs/viewer.log 2>&1
           └─14825 /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini

12月 15 19:00:39 SELKS systemd[1]: Started Moloch Viewer.

● molochpcapread-selks.service - Moloch Pcap Read
   Loaded: loaded (/etc/systemd/system/molochpcapread-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-15 19:00:39 CST; 46s ago
 Main PID: 14819 (sh)
    Tasks: 5 (limit: 9500)
   Memory: 138.7M
   CGroup: /system.slice/molochpcapread-selks.service
           ├─14819 /bin/sh -c /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/ >> /data/moloch/logs…
           └─14821 /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/

12月 15 19:00:39 SELKS systemd[1]: Started Moloch Pcap Read.

scirius RUNNING pid 14703, uptime 0:13:24

ii elasticsearch 7.10.1 amd64 Distributed RESTful search engine built for the cloud
ii elasticsearch-curator 5.8.1 amd64 Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices.
ii evebox 1:0.12.0 amd64 no description given
ii kibana 7.10.1 amd64 Explore and visualize your Elasticsearch data
ii kibana-dashboards-stamus 2020042401 amd64 Kibana 6 dashboard templates.
ii logstash 1:7.10.1-1 amd64 An extensible logging pipeline
ii moloch 2.2.3-1 amd64 Moloch Full Packet System
ii scirius 3.5.0-3 amd64 Django application to manage Suricata ruleset
ii suricata 1:2020121102-0stamus0 amd64 Suricata open source multi-thread IDS/IPS/NSM system.

文件系统 类型 容量 已用 可用 已用% 挂载点
udev devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs tmpfs 796M 9.1M 787M 2% /run
/dev/sda1 ext4 976G 9.9G 916G 2% /
tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
tmpfs tmpfs 796M 12K 796M 1% /run/user/1000
tmpfs tmpfs 796M 4.0K 796M 1% /run/user/115

shushu1234 avatar Dec 15 '20 11:12 shushu1234

Is the upgrade successful?

shushu1234 avatar Dec 15 '20 11:12 shushu1234

Does not seem so.
Can you please share the output of dpkg -l | grep selks?

pevma avatar Dec 15 '20 12:12 pevma

[image] Thanks

shushu1234 avatar Dec 16 '20 05:12 shushu1234

It seems it cannot download the new moloch pkg. Can you try to run the upgrade again or download it manually?

pevma avatar Dec 16 '20 07:12 pevma