Attachments download from the Hive are really slow #654
Comments
cyberman6877
changed the title
cyberman6877
changed the title
cyberman6877
changed the title
|
Do you notice other slowness in TheHive, except attachment download ? |
|
I have the same issue... no exotic config as far I see... |
|
Do you use Docker too ? |
|
No I use dpkg package. |
|
Can you check that your antivirus or proxy doesn't affect the download ? |
|
Hi, e.g. I have a 84 KB Excel file, it takes more than 1 minutes. root@thehive:~# time curl -XGET -u user:pass "https://fqdn:9443/api/datastore/5f51145b2d31beb7e13c6d727607132c973b3dd5e240c7f4dad371d25e94c831?name=Filename%20Demo%20Test.xlsx" -o tmp real 1m0.184s |
|
Hi, My issue is exactly the same as the one highlighted by crackytsi. We are running on Docker. Nothing fancy in application.conf and checked antivirus and proxy, all check out. I personally think its Elasticsearch which is not designed for for retrieval of attachments but I can't prove it. Any ideas would be very much appreciated as it's very annoying to have to wait 2 minutes to download a 780KB file. |
|
@crackytsi Can you capture the network traffic while you curl the file ? It would be interesting to see http(s) and elasticsearch connections together in the same capture. |
|
Hi @To-om |
|
yes |
|
I have the file, but I don't know how to remove all the sensitive data... :-/ |
|
|
|
The easiest solution is to not use sensitive data: create a dedicated user and file. |
|
Ok, problem gets more complex.... Can I directly do a curl on Elastic-search? |
|
Everything happens on the same machine.... |
|
It seams that the problem is not related to ElasticSearch. I suspect SSL problem. |
|
Yes, you seems to be right. |
|
It is not a good news, it means that the problem is not in TheHive but in PlayFramework (or somewhere else) |
|
Do not shoot the messenger for bringing bad News :-( |
|
Same issue here. |
|
thanks to a workmate, he find a solution to bypass this issue. |
|
hmm, good to know, but technically I don't want to add an apache/nginx etc. for TheHive to make ssl to be fast ;) |
|
Yes, this is just a "bypass", this isn't solving the issue |
|
Thank you for all the work on this but technically we can't add an apache/nginx just to make this work although I appreciate it is an option and a workaround. Any idea on how this issue will be solved permanently in the Hive without this workaround? Also, is this Docker environment specific only? Thanks! |
|
No this isn't Docker specific |
|
Hi All, So where are we now with this? Thanks |
|
The problem seems to be related to SSL when SSL is configured on TheHive. I suspect a bug in PlayFramework (or AkkaHttp) but as long as I can not reproduce it, I will not be able to fix it or report it to the PlayFamework team. |
|
I can try to check next week if it is in any relation to data inside of thehive or related to certificate topics etc. |
|
@To-om After the upgrade from 3.0.10 to 3.1.0 suddenly the downloads are fast again. Does this bring any new idear? Or has the issue been solved indirectly in any kind? e.g. by encoding filenames |
|
Hi, @To-om This is really a bad bug. Do you have any hints or comments how we could identify the bug? If it helps we could do a web-conference. Do you think that is possible? I know you are very busy, but I think this bug has several related topics (like #760, #759, #654) Unforunately I'm don't understand scala, but maybe you can point me to the classes or lines of code that cover the https part? |
|
Hi @crackytsi, |
|
@To-om You will get all my support, just let me know what I can do ;) |
|
Hi @To-om Any update on this topic? |
|
I have the same problem -- downloading attachments is painfully slow when using the Chrome browser, but comparably fast when using the Firefox browser. Any thoughts on this? |
|
I see this bad boy was closed. We have the same issue here in July of 2022. Was this ever rectified officially? |
Request Type
Bug - Issue
Work Environment
| OS version (client) | Windows 7 .
| TheHive version / git hash |
TheHive 3.0.9
Elastic4Play 1.4.6
Play 2.6.7
Elastic4s 5.6.0
ElasticSearch 5.6.2
CORTEX
CORTEX-PHSA - 2.0.4 (OK)
cortex1 - 2.0.4 (OK)
| Package Type | Docker - 18.03.1-ce
| Browser type & version | CHrome - Version 67.0.3396.87
Problem Description
When we want to download a document of any type from the Hive, it takes a long time to download, for example - 780KB file (less than 1mb) takes approximate 2 minutes waiting before the file download has initiated,
Steps to Reproduce
Docker compose settings are:
PLEASE NOTE SOME OF THE INFORMATION IN THIS FILE HAVE BEEN TRIMMED FOR SECURITY PURPOSES, SO BELOW IS ONLY A SAMPLE WITH WHAT WE THINK THE NECESSARY VALUES FOR YOU TO INVESTIGATE.
cat docker-compose.yml
version: "3"
services:
elasticsearch:
image: xxxxxx-elasticsearch:5.6.2
environment:
- http.host=0.0.0.0
- transport.host=0.0.0.0
- xpack.security.enabled=false
- cluster.name=hive
- script.inline=true
- thread_pool.index.queue_size=100000
- thread_pool.search.queue_size=100000
- thread_pool.bulk.queue_size=100000
ulimits:
nofile:
soft: 65536
hard: 65536
cortex:
image: xxxxxxxxx-cortex:2.0.4-1
depends_on:
- elasticsearch
- cortex
Possible Solutions:
''''''''''''''''''''''''''''''''''''''''''
We have eliminated the network since other docker containers share same internal subnet and file download speeds from other containers is fast (normal speed).
We suspect that we need to tune a parameter either above in the Docker configuration file or in ElastcSearch? could it be an index issue? Is there any parameters from ElasticSearch or Docker that we need to modify and increase?
I am also happy to send you an email directly from my organisation and we can setup a call to walk through it.
Thanks,
cyberman6877
The text was updated successfully, but these errors were encountered: