Pulling logs from Elastic search

[DayNja]

Good day, hope you all are doing well.

im having a little bit of trouble pulling logs from my standalone Elastic instance

the command i ran is as follows
python3 logontracer.py --es --es-server https://192.168.1.2:9200 --es-cafile /home/ubuntu/elasticsearch-ca.pem --es-user elastic --es-pass Aabc98765! -z +4 -f 2023-06-15T08:00:00 -t 2023-06-16T08:00:30

and i get this error

Traceback (most recent call last):
File "logontracer.py", line 2880, in
main()
File "logontracer.py", line 2874, in main
parse_es(case)
File "logontracer.py", line 2321, in parse_es
context = create_default_context(cafile=FPATH + ES_CAFILE)
File "/usr/lib/python3.8/ssl.py", line 745, in create_default_context
context.load_verify_locations(cafile, capath, cadata)
FileNotFoundError: [Errno 2] No such file or directory

[SiteQ8]

It looks like the error is indicating that the file specified in the --es-cafile option (/home/ubuntu/elasticsearch-ca.pem) is not found. The FileNotFoundError: [Errno 2] No such file or directory suggests that the specified CA file cannot be located at the given path.

Here are a few steps to troubleshoot this issue:

1. Verify File Path:
   Double-check that the file /home/ubuntu/elasticsearch-ca.pem exists at the specified location. You can use the ls command in the terminal to list the files in the /home/ubuntu/ directory:

   ls /home/ubuntu/

   Ensure that elasticsearch-ca.pem is present.

2. Permissions:
   Ensure that the user running the Python script has the necessary permissions to access the file. You can use the ls -l command to check the file permissions:

   ls -l /home/ubuntu/elasticsearch-ca.pem

   Make sure the file is readable by the user running the script.

3. Correct File Path in Script:
   Confirm that the script itself is referencing the correct file path. Open the logontracer.py script and locate the line where the create_default_context function is called with cafile=FPATH + ES_CAFILE. Ensure that FPATH is defined correctly and that the concatenation with ES_CAFILE results in the correct file path.

4. Use Absolute Path:
   Instead of relying on the current working directory, provide the full absolute path to the CA file in the command. For example:

   python3 logontracer.py --es --es-server https://192.168.1.2:9200 --es-cafile /home/ubuntu/elasticsearch-ca.pem --es-user elastic --es-pass Aabc98765! -z +4 -f 2023-06-15T08:00:00 -t 2023-06-16T08:00:30

   This ensures that there is no ambiguity about the file path.

After performing these checks, you should be able to determine if the issue is related to the file's presence, permissions, or how it's referenced in the script.