CiscoSecurity/fp-05-microsoft-sentinel-connector

encore.sh foreground error

Opened this issue · 4 comments

After successful encore.sh test, I am seeing this error with the encore.sh foreground command.
I tried stopping the encore to reset the PID file but it still occurs.
It seems that data is being received at Azure Sentinel.
I did not set an outputter setting, as that seemed to break things more.
How do I resolve this?

File "./estreamer/service.py", line 180, in main
self.start( reprocessPkcs12 = args.pkcs12 )
File "./estreamer/service.py", line 140, in start
pidFile.create()
File "/home/username/fp-05-microsoft-sentinel-connector/estreamer/pidfile.py", line 38, in create
raise estreamer.EncoreException('PID file already exists')
estreamer.exception.EncoreException: PID file already exists

File "./estreamer/service.py", line 198, in <module>
Service().main()
File "./estreamer/service.py", line 184, in main
self.logger.error(ex)
File "/home/username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 100, in error
self.log(logging.ERROR, data)
File "/home//username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 69, in log
data = self.__serialise( data )
File "/home//username/fp-05-microsoft-sentinel-connector/estreamer/crossprocesslogging/baseClient.py", line 35, in __serialise
message = data.__class__.__name__ + ': ' + data.message
AttributeError: 'EncoreException' object has no attribute 'message'
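The second traceback above is the logger failing while reporting the first error: `__serialise` reads `data.message`, an attribute Python 3 exceptions no longer carry, so the real cause ("PID file already exists") is hidden behind an `AttributeError`. The following is an added example, not the connector's own code, showing a reconstruction of that pattern beside a portable replacement; `EncoreException`, `serialise` and `log_exception` are assumed names, and `records` stands in for the cross-process log transport.

```python
# Added example (not the connector's code): serialising exceptions for a
# logger in a way that works on both Python 2 and Python 3.
import logging


class EncoreException(Exception):
    """Minimal stand-in for estreamer.EncoreException (assumption)."""


def serialise_py2_style(data):
    """Reconstruction of the failing pattern from the traceback: it relies on
    the Python 2 only `.message` attribute and raises under Python 3."""
    if isinstance(data, Exception):
        return data.__class__.__name__ + ': ' + data.message
    return str(data)


def serialise(data):
    """Portable version: str(exc) works on Python 2 and 3; fall back to the
    legacy .message attribute, then to the raw args, if the text is empty."""
    if isinstance(data, BaseException):
        text = str(data) or getattr(data, 'message', '') or repr(data.args)
        return '{}: {}'.format(data.__class__.__name__, text)
    return str(data)


def log_exception(exc, records):
    """Mimic the service's error path: serialise the exception and append it
    to `records` (a constructed stand-in for the log transport). Returns
    True when the original cause was preserved in the log."""
    try:
        records.append((logging.ERROR, serialise(exc)))
        return True
    except Exception:  # the logger itself must never raise
        records.append((logging.ERROR, 'unserialisable exception'))
        return False


if __name__ == '__main__':
    exc = EncoreException('PID file already exists')
    try:
        serialise_py2_style(exc)
    except AttributeError as err:
        print('old serialiser masked the real error:', err)
    log = []
    log_exception(exc, log)
    print(log[-1][1])  # EncoreException: PID file already exists
```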

Hi @tklose,

Were you able to fix this?

Regards

If you're using the Python3 branch, see below my notes. This is from Cisco TAC after I had a call with them today:

Well, after much ado with Cisco TAC - I had a call with their devs today. Finally I now understand why things weren't working for me at least - and I'm hoping this is the fix for you guys as well.

Basically, Cisco's been updating the main repo, not the python3 branch. The main repo is now using python3 (and not python2 as was expected). The main branch works after I reinstalled it and ran it in the foreground. Going to do more testing, but data is flowing now.

Cisco stated they would be updating this repo and removing the python3 branch entirely to avoid confusion.