Problem with ELSA searches / Security Onion 12.04
One day I started getting the following errors in the web interface of ELSA when trying to search for something:
"Warnings: node 127.0.0.1 got error $VAR1 = undef; , node 127.0.0.1 got error $VAR1 = undef; , node 127.0.0.1 got error $VAR1 = undef;"
Steps which solved the issue for me:
- check: no daemon listening on 9306 TCP
- start daemon interactively with logging to term (see [1]):
su -s /bin/sh -c 'exec "$0" "$@"' sphinxsearch -- /usr/bin/searchd --nodetach
- this revealed tons of errors like:
WARNING: index 'perm_1': lock: failed to open /nsm/elsa/data/sphinx/perm_1.spl: Permission denied; NOT SERVING precaching index 'temp_1'
- so I changed the ownership of the files as follows:
sudo chown sphinxsearch:sphinxsearch /nsm/elsa/data/sphinx/*
sudo chmod g+s /nsm/elsa/data/sphinx
- next restart (using cmd line above) showed access to the files now worked, but another error stayed:
FATAL: USE_64BIT inconsistency (binary=1, binlog=0); recovery requires previous binary version
- adding the following line to /etc/sphinxsearch/sphinx.conf to the searchd section (see [2]) solved the problem:
binlog_path =
- now ELSA worked fine again after a
sudo service sphinxsearch restart
- you might also consider rebuilding the index:
sudo indexer --rotate --all
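The checks from the steps above as a read-only script (an added example, not part of the original post). It uses the port, data directory, user and config path quoted in the post; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: read-only checks for the three failure points in this post.
# Paths, user and port are the ones quoted above; function names are made up here.

# Succeeds if `ss -ltn` / `netstat -ltn` output on stdin shows a listener on port $1.
# Both tools print the local address in column 4.
listening_on() {
    awk -v p="$1" '/LISTEN/ && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# Lists regular files directly under directory $1 that are NOT owned by user $2.
not_owned_by() {
    find "$1" -maxdepth 1 -type f ! -user "$2"
}

# Reports binlog_path from the searchd section of config file $1:
# "unset" (not present), "disabled" (present but empty), or "path:<dir>".
binlog_setting() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*searchd[ \t]*([{]|$)/ { in_sd = 1; next }
        in_sd && /^[ \t]*[}]/ { in_sd = 0 }
        in_sd && /^[ \t]*binlog_path[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            state = ($0 == "") ? "disabled" : "path:" $0
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

diagnose() {
    if { ss -ltn 2>/dev/null || netstat -ltn; } | listening_on 9306; then
        echo "searchd: listening on 9306"
    else
        echo "searchd: nothing listening on 9306"
    fi
    echo "index files not owned by sphinxsearch:"
    not_owned_by /nsm/elsa/data/sphinx sphinxsearch
    echo "binlog_path in searchd section: $(binlog_setting /etc/sphinxsearch/sphinx.conf)"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Save it under any name and run it with `--run` as an argument. An empty `binlog_path` disables Sphinx's binary log, which it otherwise uses for crash recovery of RT index data.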
References
- [1] this post got me into the right direction but did not solve the issue completely:
https://groups.google.com/forum/#!topic/security-onion/3Wzf7baqb0s
- [2] this post solved the other part of the issue:
http://sphinxsearch.com/forum/view.html?id=7408