Logstash VirusTotal plugin error

Jeeth · June 7, 2019, 4:47am

Dear team,

We are trying out logstash integration with ''logstash-filter-virustotal'' plugin which is a Virustotal Lookup filter for Logstash.
https://github.com/coolacid/logstash-filter-virustotal
I have installed this plugin and it is being shown in the logstash plugins list. Now i have included below piece of code in my logstash conf file.
virustotal {
apikey => 'KEY'
field => 'destinationip'
lookup_type => 'ip'
target => 'virustotal'
}
And my expectation is to get new fields in my index like
"virustotal.permalinks"
"virustotal.positives"
"virustotal.scanid" etc.
But Im getting the following error in logstash.
Logstash error:

[2019-06-06T13:42:32,712][INFO ][logstash.agent ] Pipelines running {:count=>3, :running_pipelines=>[:dhcp, :sophos, :ad], :non_running_pipelines=>[]}
[2019-06-06T13:42:32,739][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2019-06-06T13:42:33,117][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-06-06T13:42:41,725][ERROR][org.logstash.execution.WorkerLoop] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash.
org.jruby.exceptions.StandardError: (ConnectionFailed) execution expired
[2019-06-06T13:42:41,725][ERROR][org.logstash.execution.WorkerLoop] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash.
org.jruby.exceptions.StandardError: (ConnectionFailed) execution expired
[2019-06-06T13:42:41,922][FATAL][logstash.runner ] An unexpected error occurred! {:error=>java.lang.IllegalStateException: org.jruby.exceptions.StandardError: (ConnectionFailed) execution expired, :backtrace=>["org.logstash.execution.WorkerLoop.run(org/logstash/execution/WorkerLoop.java:85)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:440)", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:304)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start_workers(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:235)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:295)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:274)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:270)", "java.lang.Thread.run(java/lang/Thread.java:748)"]}
[2019-06-06T13:42:41,974][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

Could you please let me know what am i missing ?

Thanks,
Jeeth

Jeeth · June 10, 2019, 3:34am

@kvch @warkolm Could you please provide your inputs on this.

Christian_Dahlqvist · June 10, 2019, 5:10am

Given that this is a third party plugin I would recommend you reach out to the author on GitHub as it is possible few people here have experience using it.

system · July 8, 2019, 5:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.