Since the last update, arp-scan sees the devices but does not update the interface #261
Comments
Walgo
changed the title
|
Hi there, Could you please give an example of what is happening? Also, can you please try clearing your cache, trying a different browser to make sure it's not browser related? If above doesn't help, try recreating the container after you backup your data via the CSV export feature. Thanks, |
jokob-sk
added
the
Waiting for reply⏳
|
Thx Jokob-sk for your reply. Ok ! I'v tried with Edge, same result ! docker run -d --rm --network=host -v /home/eric/pialert/config:/home/pi/pialert/config -v /home/eric/pialert/db:/home/pi/pialert/db -v /home/eric/pialert/log:/home/pi/pialert/front/log -v /home/eric/pialert/front/api:/home/pi/pialert/front/api -e TZ=Europe/Paris -e PORT=20211 jokobsk/pi.alert:latest to download again and enable. Then, stop and the docker compose command ! Thanks, Walgo |
|
I forgot your question... sorry Only 2 devices are selected with the good and same subnet enabled (192.168.0.0/24) and 20 devices are waiting to be selected by stats. I had no problem whith the 23.04.01. but the image is no longer available. Possibly, could you give me a link to download the 23.04.01 again ? (to try again this old version) |
|
Hi, Thanks for the details! Could you please explain what you mean by: " 20 devices are waiting to be selected by stats." Can you please try:
Please backup everything and start with an empty DB (use your old config, that should work). You can try some of the older dev builds, but I suggest trying the above at first. |
|
Hi Jokob, The two devices recognized are, the link with internet and the raspberry hosting Pialert (192.168.0.174) subnet 192.168.0.0/24 The log print the selected devices of the subnet. The arp-scan sees 20 devices but they are not selected in stats After the import of devices.csv and the following Ok, i try the last dev version ! i'll keep you posted ! Thanks a lot ! Walgo |
|
Thanks, @Walgo for the additional information, your last message was very helpful! I found 2 probable causes o this behavior and tried to fix them (maybe missing db.commit, maybe incorrect value in a variable). Can you please test this? Grab the latest dev build here: https://registry.hub.docker.com/r/jokobsk/pi.alert_dev If you still have issues, please share a few lines from your logs while your Thanks! |
|
Hi Jokob, Same problem ! Here is the log from "jokobsk/pi.alert_dev:latest" downloaded the 06/24/2023 at 00:05 local time 00:28:23 [API] Updating table_custom_endpoint.json file in /front/api 21 packets received by filter, 0 packets dropped by kernel 00:28:57 [ARP Scan] on Interface Completed with results: Thanks to you !! |
|
Hi, Thanks for the quick reply and details! Could you please ssh into the container and run: And also And post the output? What I think is happening is, that there is an error that is not visible in pialert logs and the output you see in this screen comes actually from the error log: The second line in this screenshot that starts with |
|
closing for now as no reply for a week, will reopen if needed |
|
Hi Jokob-sk, Sorry ! your demand ! arp-scan --ignoredups --retry=6 192.168.1.0/24 --interface=eth1 arp-scan --ignoredups --retry=6 192.168.1.0/24 --interface=eth0 My subnet is 192.168.0.0/24 so ! with the same command ! arp-scan --ignoredups --retry=6 192.168.0.0/24 --interface=eth1 arp-scan --ignoredups --retry=6 192.168.0.0/24 --interface=eth0 24 packets received by filter, 0 packets dropped by kernel |
|
Hi there, Thanks for the details! Can you grab the latest dev build here and test this again? I added a few more debug outputs. Please look for the string https://registry.hub.docker.com/r/jokobsk/pi.alert_dev It should also generate log files for arp-scan results with the name Thanks! |
|
Hi Jokob, The arp_scan_output_0.txt is empty. The log file, hope that helps ! Regards |
|
Hi @Walgo ! Thanks for ongoing testing! I've added even more debug details in the log, can you re-download the latest dev image and post the output again? The output should contain: BTW you can use ``` around code sections in your comments to make them more readable Thansk in advance, |
FYI : the result of ifconfig command in case of utility... ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 |
|
Alright - I disabled the try-catch statement of the LOG_LEVEL is set to Can you try to redownload the latest dev image? This should mean that your container will crash/restart, but it should give use a good error message about what's happening. Please run the container without the |
|
Ok ! i've removed the "-d" and downloaded again the latest dev image ! Here is the terminal log not the pialert.log docker run --rm --network=host -v /home/eri c/pialert/config:/home/pi/pialert/config -v /home/eric/pialert/db:/home/pi/pia lert/db -v /home/eric/pialert/log:/home/pi/pialert/front/log -v /home/eric/p ialert/front/api:/home/pi/pialert/front/api -e TZ=Europe/Paris -e PORT=20211 jokobsk/pi.alert_dev:latest 01:06:08 Permissions check (All should be True) 01:06:47 [PholusScan] Scan: Pholus SUCCESS and nothing else Thank's |
|
Thanks a lot! The error message indicates that the Can you verify when in the container, that executing this works fine? Here are a few steps you can take to troubleshoot the issue:
Can you try to verify / remove the user mapping in your docker compose? |
|
Hi Jokob, Thanks for your help !!! FYI I test with pialert:latest image Here are a few steps you can take to troubleshoot the issue: ***** Verification OK !****** ***** Verification OK !****** wget ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.4-1+b3_armhf.deb ************************ Actions done ! ************** Actions done ! **************** *********************** And... I think the winner is ... Can you try to verify / remove the user mapping in your docker compose?
I removed the user mapping HOST_USER_ID=1001 HOST_USER_GID=1001 And all is ok !! I'm very happy ! I am going to restore the csv to finalise ! Thanks a lot for your help Jokob ! |
|
Jokob it's great ! You're the best ! Walgo / Eric |
|
Gload it's working :) |
|
i have this exact same problem. removing the user mapping from the compose file doesn't seem to have fixed it for me at all. i just have the host machine and the router listed. |
|
Hey @crispybegs , Please try to follow the steps outlined in this post: https://github.com/jokob-sk/Pi.Alert/issues/261#issuecomment-1626350800 Thanks, |
Describe the issue
Since the last update, pialert sees the network but does not update the interface.
I'm sure I forgot something but I don't understand what ! thank you for your attention
Paste last few lines from
pialert.log08:34:27 Permissions check (All should be True)
08:34:27 ------------------------------------------------
08:34:27 /config/pialert.conf | READ | True
08:34:27 /config/pialert.conf | WRITE | True
08:34:27 /db/pialert.db | READ | True
08:34:27 /db/pialert.db | WRITE | True
08:34:27 ------------------------------------------------
08:34:27 [Setup] Attempting to fix permissions.
08:34:27 [Setup] Fix Failed. Execute this command manually inside of the container: sudo chmod a+rw -R /home/pi/pialert/db/pialert.db
08:34:27
08:34:27 [Setup] Attempting to fix permissions.
08:34:27 [Setup] Fix Failed. Execute this command manually inside of the container: sudo chmod a+rw -R /home/pi/pialert/config/pialert.conf
08:34:27
08:34:27 [Database] Opening DB
08:34:27 [upgradeDB] Re-creating Settings table
08:34:28 [upgradeDB] Re-creating Parameters table
08:34:31 [Config] reading config file
08:34:31 [Config] Plugins: Number of dynamically loaded plugins: 7
08:34:31 [Plugins] ---------------------------------------------
08:34:31 [Plugins] display_name: SNMP discovery
08:34:31 [Plugins] description: This plugin is used to discover devices via the arp table(s) of a RFC1213 compliant router or switch.
08:34:31 [Plugins] ---------------------------------------------
08:34:31 [Plugins] display_name: Rogue DHCP
08:34:31 [Plugins] description: This plugin is to use NMAP to monitor for rogue DHCP servers.
08:34:32 [Plugins] ---------------------------------------------
08:34:32 [Plugins] display_name: Un-Discoverable Devices
08:34:32 [Plugins] description: This plugin is to import undiscoverable devices from a file.
08:34:32 [Plugins] ---------------------------------------------
08:34:32 [Plugins] display_name: DHCP Leases
08:34:32 [Plugins] description: This plugin is to import devices from dhcp.leases files.
08:34:32 [Plugins] ---------------------------------------------
08:34:32 [Plugins] display_name: Website monitor
08:34:32 [Plugins] description: This plugin is to monitor status changes of services or websites.
08:34:33 [Plugins] ---------------------------------------------
08:34:33 [Plugins] display_name: Services (NMAP)
08:34:33 [Plugins] description: This plugin shows all services discovered by NMAP scans.
08:34:33 [Plugins] ---------------------------------------------
08:34:33 [Plugins] display_name: UniFi import
08:34:33 [Plugins] description: This plugin is used to import devices from an UNIFI controller.
08:34:48 [API] Update API starting
08:34:48 [API] Updating table_settings.json file in /front/api
08:34:48 [Config] Imported new config
08:34:48 [API] Update API starting
08:34:48 [API] Updating table_devices.json file in /front/api
08:34:48 [API] Updating table_nmap_scan.json file in /front/api
08:34:48 [API] Updating table_pholus_scan.json file in /front/api
08:34:48 [API] Updating table_events_pending_alert.json file in /front/api
08:34:48 [API] Updating table_plugins_events.json file in /front/api
08:34:48 [API] Updating table_plugins_history.json file in /front/api
08:34:48 [API] Updating table_plugins_objects.json file in /front/api
08:34:48 [API] Updating table_language_strings.json file in /front/api
08:34:48 [API] Updating table_custom_endpoint.json file in /front/api
08:34:48 [Internet IP] Check Internet IP started
08:34:48 [Internet IP] - Retrieving Internet IP
08:34:48 [Internet IP] IP: 82.XXX.XXX.XXX
08:34:48 [Internet IP] Retrieving previous IP:
08:34:48 [Internet IP] 82.XXX.XXX.XXX
08:34:48 [Internet IP] No changes to perform
08:34:48 [DDNS] Skipping Dynamic DNS update
08:34:48 [PholusScan] Scan: Pholus for 600s (10.0min)
08:34:48 [PholusScan] Pholus scan on [interface] eth0 [mask] 192.168.0.0/24
08:35:13 [PholusScan] Scan: Pholus SUCCESS
08:35:13 [MAIN] cycle:1
08:35:14 [Network Scan] Scan Devices:
08:35:14 [Network Scan] arp-scan start
08:35:26 [ARP Scan]Interface: eth0, type: EN10MB, MAC: b8:27:eb:80:e4:06, IPv4: 192.168.0.174
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.0.18 00:a2:f1:1e:8b:e0 (Unknown)
192.168.0.32 ba:34:88:00:1b:55 (Unknown: locally administered)
192.168.0.35 b8:27:eb:92:b5:00 Raspberry Pi Foundation
192.168.0.36 b8:27:eb:cd:0c:32 Raspberry Pi Foundation
192.168.0.31 a8:93:4a:94:d3:74 CHONGQING FUGUI ELECTRONICS CO.,LTD.
192.168.0.65 b8:27:eb:a3:82:e5 Raspberry Pi Foundation
192.168.0.82 3c:2a:f4:03:57:26 Brother Industries, LTD.
192.168.0.100 f0:2f:74:c7:15:c8 ASUSTek COMPUTER INC.
192.168.0.107 00:2a:2a:42:ff:2e (Unknown)
192.168.0.111 2c:4d:54:d7:88:a5 ASUSTek COMPUTER INC.
192.168.0.112 00:41:cb:77:1f:eb (Unknown)
192.168.0.124 00:24:d4:7d:2e:16 FREEBOX SAS
192.168.0.125 48:a9:8a:bc:91:dd Routerboard.com
192.168.0.126 14:dd:a9:07:f4:2c ASUSTek COMPUTER INC.
192.168.0.144 08:26:97:f4:3a:af Zyxel Communications Corporation
192.168.0.95 60:e3:27:25:fe:4b TP-LINK TECHNOLOGIES CO.,LTD.
192.168.0.154 00:de:54:60:a2:93 (Unknown)
192.168.0.160 08:26:97:f4:4d:b0 Zyxel Communications Corporation
192.168.0.170 5c:a6:e6:b7:63:f3 TP-Link Corporation Limited
192.168.0.254 34:27:92:47:b0:93 FREEBOX SAS
24 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 12.143 seconds (21.08 hosts/sec). 20 responded
08:35:26 [Network Scan] arp-scan ends
08:35:26 [Process Scan] Processing scan results
08:35:26 [Process Scan] Print Stats
08:35:26 [Scan Stats] Devices Detected.......: 2
08:35:26 [Scan Stats] arp-scan detected..: 0
08:35:26 [Scan Stats] Pi-hole detected...: +0
08:35:26 [Scan Stats] New Devices........: 0
08:35:26 [Scan Stats] Devices in this cycle..: 2
08:35:26 [Scan Stats] Down Alerts........: 0
08:35:26 [Scan Stats] New Down Alerts....: 0
08:35:26 [Scan Stats] New Connections....: 0
08:35:26 [Scan Stats] Disconnections.....: 0
08:35:26 [Scan Stats] IP Changes.........: 0
08:35:26 [Process Scan] Stats end
08:35:26 [Process Scan] Updating DB Info
08:35:26 [Process Scan] Sessions Events (connect / discconnect)
08:35:26 [Process Scan] Creating new devices
08:35:26 [Process Scan] Updating Devices Info
08:35:26 [Process Scan] Resolve devices names
08:35:26 [Update Device Name] Trying to resolve devices without name
08:35:26 [Update Device Name] Pholus entries from prev scans: 16
08:35:26 [Update Device Name] Names Found (DiG/Pholus): 0 (0/0)
08:35:26 [Update Device Name] Names Not Found : 1
08:35:26 [Process Scan] Voiding false (ghost) disconnections
08:35:26 [Process Scan] Pairing session events (connection / disconnection)
08:35:26 [Process Scan] Creating sessions snapshot
08:35:26 [Process Scan] Inserting scan results into Online_History
08:35:26 [Process Scan] Skipping repeated notifications
08:35:26 [Skip Repeated Notifications] Skip Repeated start
08:35:26 [Skip Repeated Notifications] Skip Repeated end
08:35:26 [Notification] Check if something to report
08:35:26 [Notification] Open text Template
08:35:26 [Notification] Open html Template
08:35:26 [Notification] included sections: ['internet', 'new_devices', 'down_devices', 'events']
08:35:26 [Notification] Internet sections done.
08:35:26 [Notification] New Devices sections done.
08:35:26 [Notification] Down Devices sections done.
08:35:26 [Notification] Events sections done.
08:35:26 [Notification] No changes to report
08:35:26 [Notification] Notifications changes: 0
08:35:26 [MAIN] cycle:cleanup
08:35:26 [DB Cleanup] Upkeep Database:
08:35:26 [DB Cleanup] Online_History: Delete all but keep latest 150 entries
08:35:26 [DB Cleanup] Optimize Database
08:35:26 [DB Cleanup] Events: Delete all older than 90 days
08:35:26 [DB Cleanup] Plugin Events History: Delete all older than 90 days
08:35:26 [DB Cleanup] Pholus_Scan: Delete all older than 7 days
08:35:26 [DB Cleanup] Pholus_Scan: Delete all duplicates
08:35:26 Nmap_Scan: Delete all duplicates
08:35:26 Shrink Database
08:35:26 [MAIN] Last action: cleanup
08:35:26 [MAIN] cycle:
08:35:26 [MAIN] Process: Wait
08:35:32 [API] Update API starting
08:35:32 [API] Updating table_pholus_scan.json file in /front/api
08:35:32 [MAIN] waiting to start next loop
08:35:37 [API] Update API starting
08:35:37 [Process Scan] Processing scan results
08:35:37 [Process Scan] Print Stats
08:35:37 [Scan Stats] Devices Detected.......: 0
08:35:37 [Scan Stats] arp-scan detected..: 0
08:35:37 [Scan Stats] Pi-hole detected...: +0
08:35:37 [Scan Stats] New Devices........: 0
08:35:37 [Scan Stats] Devices in this cycle..: 0
08:35:37 [Scan Stats] Down Alerts........: 0
08:35:37 [Scan Stats] New Down Alerts....: 0
08:35:37 [Scan Stats] New Connections....: 0
08:35:37 [Scan Stats] Disconnections.....: 0
08:35:37 [Scan Stats] IP Changes.........: 0
08:35:37 [Process Scan] Stats end
08:35:37 [Process Scan] Updating DB Info
08:35:37 [Process Scan] Sessions Events (connect / discconnect)
08:35:37 [Process Scan] Creating new devices
08:35:37 [Process Scan] Updating Devices Info
08:35:37 [Process Scan] Resolve devices names
08:35:37 [Update Device Name] Trying to resolve devices without name
08:35:37 [Update Device Name] Pholus entries from prev scans: 6
08:35:38 [Update Device Name] Names Found (DiG/Pholus): 0 (0/0)
08:35:38 [Update Device Name] Names Not Found : 1
08:35:38 [Process Scan] Voiding false (ghost) disconnections
08:35:38 [Process Scan] Pairing session events (connection / disconnection)
08:35:38 [Process Scan] Creating sessions snapshot
08:35:38 [Process Scan] Inserting scan results into Online_History
08:35:38 [Process Scan] Skipping repeated notifications
08:35:38 [Skip Repeated Notifications] Skip Repeated start
08:35:38 [Skip Repeated Notifications] Skip Repeated end
08:35:38 [MAIN] Process: Wait
08:35:43 [API] Update API starting
08:35:43 [MAIN] waiting to start next loop
08:35:48 [API] Update API starting
08:35:48 [MAIN] waiting to start next loop
08:35:54 [API] Update API starting
#-----------------AUTOGENERATED FILE-----------------#
Generated: 2022-12-30_22-19-40
Config file for the LAN intruder detection app:
https://github.com/jokob-sk/Pi.Alert
#-----------------AUTOGENERATED FILE-----------------#
General
#---------------------------
Scan using interface eth0
SCAN_SUBNETS = ['192.168.1.0/24 --interface=eth0']
Scan multiple interfaces (eth1 and eth0):
SCAN_SUBNETS = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]
SCAN_SUBNETS=['192.168.0.0/24 --interface=eth0']
PRINT_LOG=False
TIMEZONE='Europe/Paris'
PIALERT_WEB_PROTECTION=False
PIALERT_WEB_PASSWORD='8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
INCLUDED_SECTIONS=['internet','new_devices','down_devices','events']
SCAN_CYCLE_MINUTES=5
DAYS_TO_KEEP_EVENTS=90
Used for generating links in emails. Make sure not to add a trailing slash!
REPORT_DASHBOARD_URL='http://pi.alert'
Email
#---------------------------
REPORT_MAIL=False
SMTP_SERVER='smtp.gmail.com'
SMTP_PORT=587
REPORT_TO='[email protected]'
REPORT_FROM='Pi.Alert [email protected]'
SMTP_SKIP_LOGIN=False
SMTP_USER='[email protected]'
SMTP_PASS='password'
SMTP_SKIP_TLS=False
Webhooks
#---------------------------
REPORT_WEBHOOK=False
WEBHOOK_URL='http://n8n.local:5555/webhook-test/aaaaaaaa-aaaa-aaaa-aaaaa-aaaaaaaaaaaa'
WEBHOOK_PAYLOAD='json' # webhook payload data format for the "body > attachements > text" attribute
# in https://github.com/jokob-sk/Pi.Alert/blob/main/docs/webhook_json_sample.json
# supported values: 'json', 'html' or 'text'
# e.g.: for discord use 'html'
WEBHOOK_REQUEST_METHOD='GET'
Apprise
#---------------------------
REPORT_APPRISE=False
APPRISE_HOST='http://localhost:8000/notify'
APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=[email protected]&name=apprise&user=[email protected]&pass=password&to=[email protected]'
NTFY
#---------------------------
REPORT_NTFY=False
NTFY_HOST='https://ntfy.sh'
NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
NTFY_USER='user'
NTFY_PASSWORD='passw0rd'
PUSHSAFER
#---------------------------
REPORT_PUSHSAFER=False
PUSHSAFER_TOKEN='ApiKey'
MQTT
#---------------------------
REPORT_MQTT=False
MQTT_BROKER='192.168.1.2'
MQTT_PORT=1883
MQTT_USER='mqtt'
MQTT_PASSWORD='passw0rd'
MQTT_QOS=0
MQTT_DELAY_SEC=2
DynDNS
#---------------------------
DDNS_ACTIVE=False
DDNS_DOMAIN='your_domain.freeddns.org'
DDNS_USER='dynu_user'
DDNS_PASSWORD='A0000000B0000000C0000000D0000000'
DDNS_UPDATE_URL='https://api.dynu.com/nic/update?'
PiHole
#---------------------------
if enabled you need to map '/etc/pihole/pihole-FTL.db' in docker-compose.yml
PIHOLE_ACTIVE=False
if enabled you need to map '/etc/pihole/dhcp.leases' in docker-compose.yml
DHCP_ACTIVE=False
Pholus
#---------------------------
PHOLUS_ACTIVE=False
PHOLUS_TIMEOUT=120
PHOLUS_FORCE=False
PHOLUS_DAYS_DATA=7
PHOLUS_RUN='once'
PHOLUS_RUN_TIMEOUT=600
PHOLUS_RUN_SCHD='0 4 * * *'
#-------------------IMPORTANT INFO-------------------#
This file is ingested by a python script, so if
modified it needs to use python syntax
#-------------------IMPORTANT INFO-------------------#
version: "3"
services:
pialert:
container_name: pialert
image: "jokobsk/pi.alert:latest"
network_mode: "host"
restart: always
volumes:
- /home/eric/pialert/config:/home/pi/pialert/config
- /home/eric/pialert/db:/home/pi/pialert/db
- /home/eric/log:/home/pi/pialert/front/log
environment:
- TZ=Europe/Paris
- HOST_USER_ID=1001
- HOST_USER_GID=1001
- PORT=20211
paste_here
The text was updated successfully, but these errors were encountered: