[BUG] Alerting does not invoke webhook (no network traffic can be seen) #895

Closed
sekureco42 opened this issue May 17, 2024 · 1 comment
@sekureco42

Description

According to Kunal, alerting over webhook should work. But it does not - at least I can't see any network traffic issued from the alert logic.

Steps to Reproduce

  1. Define a Contact Point "Test":
    [image]

  2. Define the "Alert rule":
    [image]

  3. Made sure that data with that query is available:
    [image]

  4. Verified logs of SigLens:

time="2024-05-17 11:34:33" level=info msg="qid=852, Extracted node type 1 for query. ParallelismPerFile=1. Starting search..."
time="2024-05-17 11:34:33" level=info msg="qid=852, Unrotated query time filtering returned 1 segment keys to search out of 1. query elapsed time: 82.672µs"
time="2024-05-17 11:34:33" level=info msg="qid=852, Rotated query time filtering returned 584 segment keys to search out of 971. query elapsed time: 317.855µs"
time="2024-05-17 11:34:33" level=info msg="qid=852, Received 585 query segment requests. 585 raw search 0 pqs and 0 distribued query elapsed time: 493.644µs"
time="2024-05-17 11:34:33" level=warning msg="qid=852, pqid 11316652982541625021, QuerySummary: Finished in  303ms time. Total number of records searched 10651365. Total number of records matched=192. Total number of files searched=194. Total number of buckets created=1"
time="2024-05-17 11:34:33" level=warning msg="qid=852, pqid 11316652982541625021, QuerySummary: CMI layer checked 25468 total blocks, and 993 blocks passed. Total time: 136.528988ms. min (0.020594ms) max (35.406547ms) avg (0.23247863247863249ms) p95 (0.517903ms)"
time="2024-05-17 11:34:33" level=warning msg="qid=852, pqid 11316652982541625021, QuerySummary: RawSearch: Took 158ms time, after searching 194 files. RRCs were generated in 124ms"
time="2024-05-17 11:34:33" level=warning msg="qid=852, pqid 11316652982541625021, QuerySummary: RawSearch: File raw search time: min (0.341605ms) max (2.942454ms) avg (0ms) p95 (1.0302ms)"
time="2024-05-17 11:34:33" level=warning msg="qid=852, pqid 11316652982541625021, QuerySummary: RawSearch: Number of records matched 192, min/segment (0) max/segment (86)"
time="2024-05-17 11:34:33" level=info msg="qid=852, Finished execution in 303.87382ms"
time="2024-05-17 11:34:33" level=info msg="qid=852, Query Took 304 ms"
time="2024-05-17 11:34:33" level=error msg="ALERTSERVICE: evaluate: Empty response returned by server."

  5. In parallel a tcpdump:

root@log24:/home/melete# tcpdump -nni any port 443
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

No traffic was recorded

Expected Behavior

At least the call to the destination system on port 443 should be visible.

Environment

  • SigLens 0.2.5
  • OS: Ubuntu 24.04

Bottom Line: Search is working - but calling of the webhook does not.

@sekureco42 sekureco42 added the bug Something isn't working label May 17, 2024
@Macbeth98
Collaborator

This issue is fixed.
