[Solved] Maltrail plugin just stopped detecting anything

Started by Taomyn, August 14, 2019, 09:25:06 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
October 25, 2019, 08:41:41 PM #15
Quote from: mimugmail on October 25, 2019, 07:23:57 PM
You mean with pppoe?

pppoe is not being used
October 25, 2019, 09:54:54 PM #16
So this also happens when you only enable it on WAN?
October 28, 2019, 07:38:45 AM #17
Seems fine for mine on just the PPPoE WAN interface, it was also on LAN but I found it was occasionally maxing the CPU out when under load (large downloads/heavy traffic), so I removed LAN. I haven't rebooted since so there's still that to try, but I'm still getting data.
October 28, 2019, 03:58:36 PM #18
Quote from: mimugmail on October 25, 2019, 09:54:54 PM
So this also happens when you only enable it on WAN?

I enabled it on WAN-only for the last couple of days for testing purposes, and it seems to have stayed up.  All other configurations, including WAN+LAN+WLAN or the default ("select none = all") lead to failure within 36 hours.

From my perspective, if WAN-only is the only configuration that works there's really no point in running this plug-in.
October 28, 2019, 07:54:45 PM #19
It's maybe something related to tun, but if you dont help troubleshooting I cant help with it.
October 28, 2019, 10:02:37 PM #20 Last Edit: October 28, 2019, 10:10:23 PM by firewall
I'm not sure why you suspect I'm unwilling to help troubleshoot...I enabled it for WAN-only for 2 days, as you suggested.

The only thing logged in /var/log/maltrail/error.log are SIGTERM events from my start/stop of the server (and/or sensor) via the gui.  I've not found a way to enable verbose logging in maltrail so perhaps I try to run it from terminal with some type of verbose python3 output?

edit: i see it's using python2.7, and trying to run sensor.py with python3 results in "please install pcapy".  i have sensor.py running via term on 2.7 now.  will monitor and report back.
October 29, 2019, 07:10:19 AM #21
If it's running fine for WAN test the next Interface (OpenVPN) which is not standard. When you find it you can run maltrail in foreground to see whats happening.

Python 3 is not supported yet by maltrail itself. This will take some more weeks by the maltrail devs
October 29, 2019, 06:50:43 PM #22
Quote from: mimugmail on October 29, 2019, 07:10:19 AM
When you find it you can run maltrail in foreground to see whats happening.

Yep, spun that up last night.  Monitoring all preferred interfaces, including OVPN.  Will report back either at 48 hr. mark (longer than daemon ever ran) or if it errors out in foreground...whichever comes first. :)

Code Select

root@pudding:/usr/local/share/maltrail # python2.7 /usr/local/share/maltrail/sensor.py
Maltrail (sensor) #v0.15

[i] using configuration file '/usr/local/share/maltrail/maltrail.conf'
[i] using '/var/log/maltrail' for log storage
[?] at least 384MB of free memory required
[i] using '/root/.maltrail/trails.csv' for trail storage (last modification: 'Mon, 28 Oct 2019 21:10:23 GMT')
[i] loading trails...
[i] 643,538 trails loaded
[i] opening interface 'igb2'
[i] opening interface 'igb3'
[i] opening interface 'igb1'
[i] opening interface 'ovpnc3'
[i] opening interface 'ovpnc1'
[i] opening interface 'ovpnc4'
[i] setting capture filter 'udp or icmp or (tcp and (tcp[tcpflags] == tcp-syn or port 80 or port 1080 or port 3128 or port 8000 or port 8080 or port 8118))'
[i] preparing capture buffer...
[i] creating 3 more processes (out of total 4)
[?] please install 'schedtool' for better CPU scheduling
[o] running...
October 29, 2019, 06:52:15 PM #23
If you run all you cant precisely determine which one is responsible for breaking. Better test one by one
October 29, 2019, 11:17:08 PM #24 Last Edit: October 30, 2019, 06:54:35 AM by firewall
It ended up throwing 2 errors when attempting to update trails:

Code Select

Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/local/lib/python2.7/threading.py", line 1073, in run
    self.function(*self.args, **self.kwargs)
  File "/usr/local/share/maltrail/core/parallel.py", line 67, in update_timer
    trails.update(_)
  File "/usr/local/share/maltrail/core/trailsdict.py", line 55, in update
    setattr(self, attr, getattr(value, attr))
AttributeError: 'TrailsDict' object has no attribute '_regex'


Code Select

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/local/lib/python2.7/threading.py", line 1073, in run
    self.function(*self.args, **self.kwargs)
  File "/usr/local/share/maltrail/sensor.py", line 769, in update_timer
    if "static" in trails[trail][1]:
  File "/usr/local/share/maltrail/core/trailsdict.py", line 78, in __getitem__
    return (self._infos[int(_[0])], self._references[int(_[1])])
IndexError: list index out of range


I noted that mailtrail.conf states a CUSTOM_TRAILS_DIR that does not exist: /usr/local/maltrail/trails/custom/

Shouldn't this be /usr/local/share/maltrail/trails/custom/ ?  I manually edited maltrail.conf for the proper directory and restarted the foreground process.  Will continue to monitor...
November 02, 2019, 01:19:27 AM #25
Quote from: mimugmail on October 29, 2019, 06:52:15 PM
If you run all you cant precisely determine which one is responsible for breaking. Better test one by one

Hi, running sensor.py against WAN interface alone led to same errors as before during the "updating trails" process.  Several instances of the "AttributeError: 'TrailsDict' object has no attribute '_regex'" error during the download process, and a single "IndexError: list index out of range" at the conclusion of the routine.
November 02, 2019, 07:59:07 AM #26
And these errors are responsible (or apprear)when the software Stop after 2 days?

Normally it runs fine on physical Interfaces, then we had the problem with pppoe which is now fixed by the author. I could imagine there might be a problem with OpenVpn like tun stuff. But for me there was never a reason to run against these since imho it only makes sense against WAN or LAN.
November 02, 2019, 07:51:03 PM #27
Quote from: mimugmail on November 02, 2019, 07:59:07 AM
And these errors are responsible (or apprear)when the software Stop after 2 days?

Normally it runs fine on physical Interfaces, then we had the problem with pppoe which is now fixed by the author. I could imagine there might be a problem with OpenVpn like tun stuff. But for me there was never a reason to run against these since imho it only makes sense against WAN or LAN.

The errors appear when downloading & updating trails...regardless of which interfaces are selected.  I used WAN-only for the last test, as you suggested, and it still encountered the errors I pasted previously.

By "author" I assume you mean maltrail dev?  Is he/she on this forum?
November 02, 2019, 08:36:38 PM #28
No, you can reach him here:
https://github.com/stamparm/maltrail

November 02, 2019, 11:10:01 PM #29
Quote from: mimugmail on November 02, 2019, 08:36:38 PM
No, you can reach him here:
https://github.com/stamparm/maltrail

Thanks.  I'll report back if there's something requiring change on OPN side but either way you're welcome to follow here: https://github.com/stamparm/maltrail/issues/4551
Print
Go Up Pages 1 2 3
User actions