StamusNetworks / selks-scripts

SELKS scripts


Long wait on first time set up on existing SELKS5

pevma opened this issue · comments

When I try to run /opt/selks/Scripts/Setup/selks-first-time-setup_stamus.sh on an already set up SELKS5 - there is a very long hang on the Moloch init part of the script. But if I execute the scripts in /opt/selks/Scripts/Setup/selks-first-time-setup_stamus.sh one by one - it works fine, no issue.

@Jeroen0494 - have you experienced something similar ?

This is correct, you need to type in "INIT" to manually confirm to wipe the database. This is done by Moloch on purpose so you don't accidentally wipe your database.

On line 40 of the Moloch setup script you could do something like this:
yes INIT | /data/moloch/db/db.pl http://localhost:9200 init
I don't have a system to test it out on though, I'm not claiming this actually works and I shan't be responsible for the consequences...

Nope - in my case it does not as - just hangs there - see screenshot below:

screenshot from 2018-11-30 13-30-13

That particular step always takes a while for me too if I have a lot of data in Elasticsearch, but it would never just 'hang'. Could you make the script more verbose by adding "set -x" to the top?

Ya - ok - so I experience the same, if there is data in ES it waits there a lot. Not sure why?

So after waiting long enough, the command does complete? I don't see you typing 'INIT' in the screenshot above, does this command actually execute?

The init command wipes all Moloch data in Elasticsearch via the API, including indexed PCAP files. If you have a lot of network traffic (and a lot of Elasticsearch data) this command takes a while. It also wipes the user database.

Yes - on both points. It's just that it takes a while to come to the question of "type INIT" - the end user may keep wondering what is happening....

Hmm, that is weird. If I run the script as-is on a working system the question for INIT comes up immediately. And I have never experienced extreme slowness before that question comes up. My only thought would be the timeout in the curl command in the if-statement.

Moloch checks the status of Elasticsearch too, btw. So maybe you can even remove the curl, because this would mean double the waiting time.

That first curl check - comes out very fast - no wait time, it just returns if ES is up or not, so I doubt it is because of it.
Ok then it is probably because of my VM set up maybe - if no one else experiences it ...

Hi Peter,

So I ran the first-time-setup script on an already configured system for some testing and it just hung there until I typed INIT, but it never asked for me to type it. Somehow the moloch init script doesn't forward its output to the current terminal session, making it seem like the script froze.
I'm off for the holidays but maybe this gives you some more information for testing in the meantime.

Jeroen
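The two points raised in this thread (Jeroen's `yes INIT | db.pl ... init` idea, and the observation that the init step's prompt never reached the terminal, so a slow wipe looked like a hang) can be put together in a small wrapper. The script below is an added example written for this page; it is not part of selks-scripts or of Moloch. `fake_db_init` is a constructed stand-in for `/data/moloch/db/db.pl ... init` that only proceeds when it reads the word INIT on stdin; `confirm_and_run` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from selks-scripts: run a tool that insists on a typed
# confirmation word without the setup script stalling on an invisible prompt.

# Constructed stand-in for the Moloch init command. Like the real tool it
# prompts for INIT and refuses to proceed on any other input.
fake_db_init() {
    printf 'This will wipe the database. Type INIT to confirm: '
    IFS= read -r answer || answer=""
    echo
    if [ "$answer" = "INIT" ]; then
        echo "init: wiping database (slow if Elasticsearch holds much data)"
        return 0
    fi
    echo "init: aborted, confirmation word was not INIT"
    return 2
}

# confirm_and_run WORD COMMAND [ARGS...]
# Feeds WORD to the command on stdin ('yes' repeats it in case the tool asks
# more than once) and merges the tool's stderr into stdout so the operator
# sees the prompt and progress instead of an apparently frozen script.
# The pipeline's exit status is that of its last command, i.e. the tool.
confirm_and_run() {
    word=$1
    shift
    yes "$word" | "$@" 2>&1
}

# Returns the tool's exit status on stdout for a given confirmation word,
# so callers (and the test below) can branch on it without 'set -e' aborting.
init_status() {
    status=0
    confirm_and_run "$1" fake_db_init >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Usage from a first-time-setup script, with tracing on for this step only:
# ( set -x; confirm_and_run INIT /data/moloch/db/db.pl http://localhost:9200 init )
confirm_and_run INIT fake_db_init
```

Because the tool is the last command in the pipeline, its exit status is what the wrapper returns; a setup script can therefore still stop on failure (`confirm_and_run INIT ... || exit 1`) while the operator watches the real output. Wrapping the call in a subshell with `set -x` gives the verbosity suggested earlier without tracing the rest of the script.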

ok.
Thanks for the follow up.
I think this should be fixed by - 2914453

Hi Peter,

Can this issue be closed?