Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Writer Core is Missing

EDR: Writer Core is Missing

Environment

  • EDR Server: 6.X and above

Symptoms

  • Reoccurring error in /var/log/cb/enterprise log: 
    • <warning> cb.utils.solr_client - Error looking for writer partition. 
      <warning> cb.enterprise.tasks.solr_time_partitioner - Could not determine the current partition time. Skipping partitioning.

       

Cause

Writer core was not able to be created.

Resolution

  1. Stop services if they are running
    1. Single node: 
      service cb-enterprise stop
    2. Cluster: 
      /usr/share/cb/cbcluster stop
  2. If a empty core with a date newer than the prior writer core is present, skip to step 3. Otherwise, follow step 2:
    1. Create a new core directory:
      mkdir /var/cb/data/solr5/cbevents/cbevents_YYYY_MM_DD_HHmm/
      Example:  
      mkdir /var/cb/data/solr5/cbevents/cbevents_2017_08_14_1544/
    2. Set the correct permissions:
      chown cb:cb /var/cb/data/solr5/cbevents/CORENAME
      Example: 
      chown cb:cb /var/cb/data/solr5/cbevents/cbevents_2017_08_14_1544
  3. Set this core to the writer core through the core.properties file
    1. Create the file:
      touch /var/cb/data/solr5/cbevents/CORENAME/core.properties
      Example: 
      touch /var/cb/data/solr5/cbevents/cbevents_2017_08_14_1544/core.properties
    2. Set the correct permissions:

      chown cb:cb /var/cb/data/solr5/cbevents/CORENAME/core.properties

      Example:

      chown cb:cb /var/cb/data/solr5/cbevents/cbevents_2017_08_14_1544/core.properties

    3. Add the following content to the core.properties file:
      #Written by CarbonBlackSupport 
      #CURRENTDATE
      name=writer
      configSet=cbevents_v2
  4. Start Services
    1. Single node: 
      service cb-enterprise start
    2. Cluster: 
      /usr/share/cb/cbcluster start

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-18-2019
Views:
1714
Contributors