Hi,

Sometimes when we close offense from qradar, incidents remains open. After investigate logs, I saw these messages:

2020-01-12 17:41:25,389 ERROR [actions_component] STOMP listener: Error:
Not connected
2020-01-12 17:41:25,390 WARNING [actions_component] Failed 1 times to deliver Resilient ack for message ID:resilient.localdomain-39213-1569226763054-3:3:11076:1:1
2020-01-12 17:41:25,390 ERROR [actions_component] <Send[*] ()> (<class 'stompest.error.StompConnectionError'>): StompConnectionError: <Not connected>
  File "/usr/local/lib/python2.7/site-packages/circuits/core/manager.py", line 659, in _dispatcher
    value = event_handler(event, *eargs, **ekwargs)
  File "/usr/local/lib/python2.7/site-packages/resilient_circuits/stomp_component.py", line 232, in send
    self._client.send(destination, body=body.encode('utf-8'), headers=headers, receipt=receipt)
  File "/usr/local/lib/python2.7/site-packages/stompest/util/__init__.py", line 17, in __checkattr
    getattr(self, attribute)
  File "/usr/local/lib/python2.7/site-packages/stompest/sync/client.py", line 361, in _transport
    raise StompConnectionError('Not connected')​

Why stomps disconnects? 

Any help or document would be appreciated.

------------------------------
Jasmine
------------------------------

Unfortunately there are many reasons for this to happen. For example:

* a networking issue between qradar app and resilient
* memory limitations on the qradar app docker image

I suggest creating a support ticket to troubleshoot this.

Ben

------------------------------
Ben Lurie
------------------------------

Original Message:
Sent: Sun January 12, 2020 10:24 AM
From: Jasmine
Subject: Closing offense from qradar and resilient problem : stomp

Hi,

Sometimes when we close offense from qradar, incidents remains open. After investigate logs, I saw these messages:

2020-01-12 17:41:25,389 ERROR [actions_component] STOMP listener: Error:Not connected2020-01-12 17:41:25,390 WARNING [actions_component] Failed 1 times to deliver Resilient ack for message ID:resilient.localdomain-39213-1569226763054-3:3:11076:1:12020-01-12 17:41:25,390 ERROR [actions_component] <Send[*] ()> (<class 'stompest.error.StompConnectionError'>): StompConnectionError: <Not connected>  File "/usr/local/lib/python2.7/site-packages/circuits/core/manager.py", line 659, in _dispatcher    value = event_handler(event, *eargs, **ekwargs)  File "/usr/local/lib/python2.7/site-packages/resilient_circuits/stomp_component.py", line 232, in send    self._client.send(destination, body=body.encode('utf-8'), headers=headers, receipt=receipt)  File "/usr/local/lib/python2.7/site-packages/stompest/util/__init__.py", line 17, in __checkattr    getattr(self, attribute)  File "/usr/local/lib/python2.7/site-packages/stompest/sync/client.py", line 361, in _transport    raise StompConnectionError('Not connected')​

Why stomps disconnects? 

Any help or document would be appreciated.

------------------------------
Jasmine
------------------------------