Merge pull request #8 from NextronSystems/v4

chore: add AAC002
NextronSystems · Jan 30, 2024 · eee6fdc · eee6fdc
2 parents 0a4c85a + 69070a8
commit eee6fdc
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 2 deletions.
diff --git a/images/aac002.png b/images/aac002.png
diff --git a/issues/issues.rst b/issues/issues.rst
@@ -1,5 +1,74 @@
 .. Index:: List of Known Issues
 
+AAC#002: Scan stuck at Status "Unknown"
+---------------------------------------
+
+.. list-table::
+    :header-rows: 1
+    :widths: 50, 50
+
+    * - Introduced Version
+      - Fixed Version
+    * - 4.0.10
+      - in testing
+
+There is currently a bug in the Analysis Cockpit
+which prevents some Scans from being imported correctly.
+
+This is caused by very big events (a single event bigger
+than 64 Kb), which will cause the parser to error. The
+Analysis Cockpit can never finish importing this Scan.
+
+AAC#002: Fix
+~~~~~~~~~~~~
+
+We are currently testing the fix, which will skip
+larger events and finish importing the scan logs.
+
+You will also have the possibility to set the maximum
+size of a single log line in the advanced options,
+once the fix is released.
+
+You will additionally see failed Log imports in the
+Dashboard of your Analysis Cockpit.
+
+AAC#002: Check
+~~~~~~~~~~~~~~
+
+You can check if one of your scan logs is effected
+if the following conditions are met:
+
+You will see a scan which is in the Status ``Unknown``
+
+.. figure:: ../images/aac002.png
+    :alt: Scan stuck at Status ``Unknown``
+
+When you connect to your Analysis Cockpit via SSH
+and enter a root session, you can execute the following
+command to see if the error occured on one or more
+log files:
+
+.. code-block:: console
+
+    root@analysis:# grep -R "ERROR: bufio.Scanner: token too long" /var/log/asgard-analysis-cockpit
+    Jan 26 16:18:49 analysis analysiscockpit4[29459]: 2024-01-26T15:18:49Z [ERR] could not read events from file PATH: /var/lib/asgard-analysis-cockpit/events/upload_siduction_thor_2024-01-06.txt ERROR: bufio.Scanner: token too long
+
+You should see from the above output which log had
+problems, which should also be reflected in the filename:
+
+.. code-block:: console
+
+    root@analysis:# ls /var/lib/asgard-analysis-cockpit/events
+    upload_siduction_thor_2024-01-06.txt.problem
+
+The file has the ``.problem`` suffix, which indicates
+a problem during the import.
+
+Once you installed the update you can re-import the
+failed scan logs. You can either upload them manually
+again, or rename the files from the output above (remove
+the ``.problem`` suffix).
+
 AAC#001: Could not get table data: Data too large
 -------------------------------------------------
 
@@ -12,8 +81,6 @@ The below error might occur on complex searches or aggregations
 you have to increase the RAM of your Analysis Cockpit and reconfigure
 ElasticSearch to actually use more RAM.
 
-
-
 AAC#001: Fix
 ~~~~~~~~~~~~