- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-15-2016 12:20 AM
Hi everyone,
I am facing an issue that floods my output SIEM a little to often. The issue seems to be that the miner node is unable to register where it left of during the last check. Any tips on solving this?
2016-11-14T08:54:30 (17269)base.read_checkpoint ERROR: sslabusech_dyreblacklist - Error reading last checkpoint
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.26/local/lib/python2.7/site-packages/minemeld/ft/base.py", line 245, in read_checkpoint
    with open(self.name+'.chkp', 'r') as f:
IOError: [Errno 2] No such file or directory: 'sslabusech_dyreblacklist.chkp'
2016-11-14T08:54:30 (17269)base.state INFO: sslabusech_dyreblacklist - transitioning to state 1
2016-11-14T08:54:30 (17270)base.read_checkpoint ERROR: sslabusech_ipblacklist - Error reading last checkpoint
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.26/local/lib/python2.7/site-packages/minemeld/ft/base.py", line 245, in read_checkpoint
    with open(self.name+'.chkp', 'r') as f:
IOError: [Errno 2] No such file or directory: 'sslabusech_ipblacklist.chkp'
2016-11-14T08:54:30 (17270)base.state INFO: sslabusech_ipblacklist - transitioning to state 1
2016-11-14T08:54:30 (17270)base.read_checkpoint ERROR: openbl_base - Error reading last checkpointRegards,
Forseti
11-15-2016 12:28 AM
Hi @Forseti,
that ERROR happens only when the engine starts if the checkpoint does not exist. It could happen for 2 reasons:
- the node is new and there is no previous checkpoint to load
- the engine didn't have a "clean" shut down
- could you check before those ERROR messages if you see additional ERRORs ?
- check also the OS syslog and dmesg to see if there was a problem with memory or disk exhaustion
Thanks,
luigi
11-15-2016 12:54 AM
11-15-2016 01:10 AM
I'd like to fix the instability issue first, I think it's related to memory exhaustion.
Would you mind unicast me the logs from /opt/minemeld/log ? My email is lmori@paloaltonetworks.com.
Also please note that when MineMeld start without a checkpoint it starts crunching all the indicators, and it could take a while. Are your running 0.9.24 or 0.9.26 ? Before 0.9.26 the GUI wasn't responsive under load, the only thing you could do was waiting for the CPU load to lower.
Thanks,
luigi
11-15-2016 04:56 AM
Luigi, thank you for your help.
For future reference: issue was caused by rabbitmq starting after minemeld had already started.
11-15-2016 11:23 PM
An additional check for this will be added in the next release.
 
					
				
				
			
		
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

