Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stomp collector failed #2342

Closed
ludoComp9 opened this issue Mar 23, 2023 · 4 comments
Closed

Stomp collector failed #2342

ludoComp9 opened this issue Mar 23, 2023 · 4 comments
Labels
bug Indicates an unexpected problem or unintended behavior component: bots

Comments

@ludoComp9
Copy link

Hello,

I'm trying to collect data from n6 CERT.pl from a intelMQ running on docker compose instance.

  • From intelmq docker container, I installed stomp6 python library as described in
  • I defined client certifcates typing: openssl req -newkey rsa:4096 -nodes -keyout client.key > client.pem from /opt/intelmq/intelmq/bots/collectors/stomp container directory.
  • I added Stomp Collector from intelMQ Manager with:
    • exchange: I don't know what to define. What is exchange ? n6 API key ?
    • ssl_ca_certificate: /opt/intelmq/intelmq/bots/collectors/stomp/ca.pem
    • ssl_client_certificate: /opt/intelmq/intelmq/bots/collectors/stomp/client.pem
    • ssl_client_certificate_key: /opt/intelmq/intelmq/bots/collectors/stomp/client.pem

When I try to start collector, I can see following error message from collector logs:

2023-03-23 12:28:16,043 - Stomp-Collector - INFO - StompCollectorBot initialized with id Stomp-Collector and intelmq 3.1.0 and python 3.9.2 (default, Feb 28 2021, 17:03:44) as process 2155.
2023-03-23 12:28:16,043 - Stomp-Collector - INFO - Bot is starting.
2023-03-23 12:28:16,092 - Stomp-Collector - ERROR - Bot initialization failed.
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/intelmq/lib/bot.py", line 214, in __init__
    self.init()
  File "/usr/local/lib/python3.9/dist-packages/intelmq/bots/collectors/stomp/collector.py", line 92, in init
    self.__conn = stomp.Connection(host_and_ports=_host, use_ssl=True,
TypeError: __init__() got an unexpected keyword argument 'use_ssl'
2023-03-23 12:28:16,092 - Stomp-Collector - INFO - Bot stopped.

From https://jasonrbriggs.github.io/stomp.py/index.html#, 'use_ssl' parameter does not exist for Connection() function.

Any idea ? (for exchange and SSL)

Regards,
@sebix
Copy link
Member

sebix commented Mar 23, 2023 

  * exchange: _I don't know what to define. What is exchange ? n6 API key ?_

The exchange is the rabbitmq exchange (like a (URI) path). Ask CERT.pl about it.

When I try to start collector, I can see following error message from collector logs:

2023-03-23 12:28:16,043 - Stomp-Collector - INFO - StompCollectorBot initialized with id Stomp-Collector and intelmq 3.1.0 and python 3.9.2 (default, Feb 28 2021, 17:03:44) as process 2155.
2023-03-23 12:28:16,043 - Stomp-Collector - INFO - Bot is starting.
2023-03-23 12:28:16,092 - Stomp-Collector - ERROR - Bot initialization failed.
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/intelmq/lib/bot.py", line 214, in __init__
    self.init()
  File "/usr/local/lib/python3.9/dist-packages/intelmq/bots/collectors/stomp/collector.py", line 92, in init
    self.__conn = stomp.Connection(host_and_ports=_host, use_ssl=True,
TypeError: __init__() got an unexpected keyword argument 'use_ssl'
2023-03-23 12:28:16,092 - Stomp-Collector - INFO - Bot stopped.

From https://jasonrbriggs.github.io/stomp.py/index.html#, 'use_ssl' parameter does not exist for Connection() function.

Any idea ?

looks like the bot is incompatible with this version of the stomp library and needs an update

@sebix sebix added bug Indicates an unexpected problem or unintended behavior component: bots labels Mar 23, 2023
@zuo
Copy link
Contributor

zuo commented Sep 13, 2023
edited
Loading

A few remarks:

  • The compatibility problem is addressed in the PR STOMP-and-n6-related updates, fixes and enhancements, especially adding login-based authentication #2408.

  • @ludoComp9 Ad what is exchange: it should be a string in the format: /exchange/{your organization ID}/{binding key} -- where:

    • {your organization ID} is the identifier (a domain name) of your organization, e.g., my.example.org (as registered in n6)
    • {binding key} is a RabbitMQ-topic-key-like string, i.e., generally:
      • either just # or *.*.*.* (a catch-all one),
      • or a more detailed, consisting of four .-separated segments:
        • resource: inside (events that occurred within your network) or threats (threats which may be relevant/interesting for you, yet not necessarily related to your network), or * (wildcard, i.e., both);
        • category: one of the n6's event categories, or * (wildcard, i.e., all categories);
        • source-provider and source-channel: the two components of a data source identifier, each can be replaced with * (wildcard).

@zuo zuo mentioned this issue Sep 13, 2023
Closed
@zuo
Copy link
Contributor

zuo commented Sep 14, 2023

@ludoComp9 ...for example: /exchange/mydomain.tld/*.*.*.*

@zuo
Copy link
Contributor

zuo commented Oct 8, 2023

@sebix @ludoComp9

When it comes to the compatibility problem -- the PR #2408 already fixed it.

When it comes to the format of the exchange config parameter -- see my comments above (as well as some comments in #2364).

So I believe this ticket can be closed.

@sebix sebix closed this as completed Oct 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Indicates an unexpected problem or unintended behavior component: bots
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sebix @zuo @ludoComp9 and others