New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Internal Server Error when Org Admins view / populate events #5027
Comments
It sounds like the upgrade to 112 failed or it didn't update the caches. Could you run the following? Assuming MISP is installed in /var/www/MISP:
and then try again? |
Did that. Files reappeared shortly. But Issue sadly remains. |
Missed the output from MySQL, I see. Could you run the following?
After that clear the caches with
again and you should be sorted. Let me know if it didn't work! |
Just tried that. And the error is still there. And i checked the database again. Schema has not changed on table attribute_tags. Error Message in logs still the same. |
Could you check your audit logs in MISP? Just log in as a site admin, go to audit logs, then select the update filter and paste the contents here. Thanks! |
How much empty space do you have? The alter tables fail probably because it cannot copy the table. |
Can you check the size of your database? and review if you have enough free space (as an alter table might create copy of some tables).
|
This will show us the size of the tables. |
MariaDB [misp01]> select table_name, sum((data_length+index_length)/1024/1024) AS MB from information_schema.tables where table_schema = 'misp01' group by table_name; |
MariaDB [misp01]> select table_schema, sum((data_length+index_length)/1024/1024) AS MB from information_schema.tables group by 1; |
We are running two misp instances with a separate database server. same error occurs on both instances. currently we are trying to fix misp01 |
df -h |
Any custom hardening that you guys are doing? If it's not space related it could be file permission related. As a next step if all else fails we can test and try to create it manually. |
i am not sure how a missing database column can be file permission related. |
This basically tells us: We tried to add the local flag to the table but it failed. Adding a column means issuing an alter table. Now fun fact about MySQL, alter tables internally actually take the original table, create a temporary copy of it in a separate file, modify the copy, delete the original and move the copy to the original's location. The reason for the failure is "The returned error is: SQLSTATE[HY000]: General error: 1878 Temporary file write failure" - this means that the temporary file could not be written. This can be due to file permission issues or a lack of space. |
All right I get it. pwd 347 drwx------ 2 mysql mysql 8192 21. Aug 10:51 misp01 Mysql can write into that folder. |
It should be able to unless you have some SELinux madness going on. Perhaps the best thing to do is this: Log into MySQL via the command line using the user used by MISP (
Does this work? |
MariaDB [misp01]> ALTER TABLE Same error. I see now |
What i am wondering too is that this issue only applies to org admins? Next step is for us to expand our file system partition. To at least erase that possibility. Thanks for the support so far guys. Cheers. |
Hello there, that makes sense, it's a bit confusing though. So basically, we consider "community only" to include anyone that has a user on an instance. This means that if I am part of a community (MISP B), I want to grab the events I can see and take it home to my own instance (MISP A) via a pull. The interaction is initiated by me (org A) on my home instance (MISP A) and the event will be pulled over and downgraded to "organisation only". Organisation only implies that the data is visible by one organisation on the instance, denoted by the local owner organisation (org_id in the event - in this case org A). This is the organisation of whoever creates the data locally, in the case of the pull the admin that initiated the pull (org A) and which has a remote user on the community (MISP B) that has the data in this case. On the other hand, for pushes it's different. Pushes happen via the sync users of the pushing party (org B), meaning that in the previous scenario, if the community instance (MISP B) that has the data would push the data, they would log into each connected instance (such as MISP A) using their sync user (belonging to org A) and create the data as your organisation only (to org A). This means that you would get data pushed to your instance (MISP B) but you would not be able to see it (as org A) since the data is your org only to the remote instance's organisation (org B). I know, it sounds confusing, but this is the reason why pushes happen for data that is connected community and higher and pulls can happen for org only data. Hope this clears it up :) |
BTW, if you are interested in trainings, we offer free training courses in Luxembourg for MISP: Usage/administration: https://en.xing-events.com/EJKDRZP.html |
Thanks again for the support. Cheers. |
Excellent thanks for the feedback. |
Expected behavior
Org Admins can view / edit / populate events.
Actual behavior
Org Admins can not view / populate events. Other roles can!
Steps to reproduce the behavior
Create an Org Admin for an organization. Click on an event. Internal Server Error occurs.
When role of user is changed (to read-only, admin,..) event can be viewed and/or modified.
Logs, screenshots, configuration dump, ...
2019-08-20 11:50:54 Error: [PDOException] SQLSTATE[42S22]: Column not found: 1054 Unknown column 'AttributeTag.local' in 'where clause'
Request URL: /events/view/19635
Stack Trace:
#0 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(502): PDOStatement->execute(Array)
#1 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(468): DboSource->_execute('SELECT
Attribu...', Array) #2 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(715): DboSource->execute('SELECT
Attribu...', Array, Array)#3 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1564): DboSource->fetchAll('SELECT
Attribu...', Array) #4 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1398): DboSource->_fetchHasMany(Object(Attribute), 'SELECT
Attribu...', Array)#5 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1411): DboSource->queryAssociation(Object(Attribute), Object(AttributeTag), 'hasMany', 'AttributeTag', Array, Array, true, Array, 1, Array)
#6 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1257): DboSource->queryAssociation(Object(Event), Object(Attribute), 'hasMany', 'Attribute', Array, Array, true, Array, 2, Array)
#7 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(3040): DboSource->read(Object(Event), Array)
#8 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(3012): Model->_readDataSource('all', Array)
#9 /opt/appdir/http/MISP/app/Model/Event.php(2077): Model->find('all', Array)
#10 /opt/appdir/http/MISP/app/Controller/EventsController.php(1587): Event->fetchEvent(Array, Array)
#11 [internal function]: EventsController->view('19635')
#12 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs(Object(EventsController), Array)
#13 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#14 /opt/appdir/http/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(EventsController), Object(CakeRequest))
#15 /opt/appdir/http/MISP/app/webroot/index.php(92): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#16 {main}
SQL Query:
MariaDB [misp02]> describe attribute_tags;
+--------------+---------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------+---------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| attribute_id | int(11) | NO | MUL | NULL | |
| event_id | int(11) | NO | MUL | NULL | |
| tag_id | int(11) | NO | MUL | NULL | |
+--------------+---------+------+-----+---------+----------------+
4 rows in set (0,00 sec)
Might be in correlation to Issue #4658
Can an update to version 113 fix our issue?
Hope you guys can help us.
The text was updated successfully, but these errors were encountered: