CB Response: Cannot purge cbmodules via modulestore_purge cron job
Article ID: 289701
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- /var/log/cb/solr/debug.log shows the following error and some sort of corrupt MD5 in the log
-
org.apache.solr.common.SolrException: org.apache.solr.search.SyntaxError: Cannot parse 'md5:(
-
OR AE68�#0;#0;#0; ?#8;#4; U000a3bca��#1;(������ OR
-
- /var/log/cb/job-runner/job-runner.log shows modulestore_purge running, but never completes
Environment
- CB Response Server: 5.x and Higher
Cause
The MD5 of a binary is corrupted and cannot be processed
Resolution
- Manually delete the corrupt binary via curl.
- Verify the binaries to be deleted. Substitute <PARTIAL_BINARY> with the binary
-
sudo curl "http://localhost:8080/solr/cbmodules/select?q=md5:<PARTIAL_BINARY>*&rows=0&indent=true&wt=xml"
-
- If the only value was returned, it is safe to delete the binary by running:
-
curl http://localhost:8080/solr/cbmodules/update?commit=true -H "Content-Type: text/xml" -d "<delete><query>md5:<PARTIAL_BINARY>*</query></delete>"
-
- Verify the binaries to be deleted. Substitute <PARTIAL_BINARY> with the binary
Additional Information
- If more than one binary is returned, the query will need to be narrowed down. A value such as the start time should be specific enough to the corrupt binary. Substitute 2016-09-26T18:02:11.518Z with the desired timestamp
-
curl "http://localhost:8080/solr/cbmodules/select?q=md5:<PARTIAL_BINARY>*&server_added_timestamp:2016-09-26T18:02:11.518Z&rows=0&indent=true&wt=xml"
-
- server_added_timestamp can be found via the following query
-
curl 'http://127.0.0.1:8080/solr/cbmodules/select?q=md5:<PARTIAL_BINARY>*&rows=5&indent=true'
-
Feedback
Yes
No
Powered by
