Import does not work about logontracer HOT 13 CLOSED

@shu-tom same for me, it does say import is successful but it only has the sample data in web ui to search.

I have mounted a local dir to container using the -v docker cmd and then attached to a interactive shell and deleted all records and then run an import and that worked. Not sure if this helps. Let me know if I should check something in the container before or after the web ui import that does not seem to load into the databases.

1 added the following to my start or the container
-v ~/myeventlogs/:/tmp/myeventlogs
2 attached myself to container on an interactive shell

docker exec -i -t 17a0aeb6d1b1 /bin/bash

3 removed existing data

cd /usr/local/src/LogonTracer/
python3 logontracer.py --delete
python3 logontracer.py -e /tmp/myeventlogs/myevents.evtx -z +9 -u neo4j -p password -s localhost

from logontracer.

I'm also having an issue uploading new data with the docker version.

from logontracer.

Same issue here. After uploading data, nothing show on the interface.

from logontracer.

Same issue. Using the docker image, uploading an evtx from a Win7 box doesn't have any data.

from logontracer.

Fixed an issue that the upload status bar of the Web UI was not updated.

Web UI uses Javascript, please enable it.
If the EVTX file is large, it takes time to analyze it.
And, if parse process is running, the following bar will be displayed.

Docker image has also been updated.

from logontracer.

Sometime Parsing process over 100%, in my case, it up to 105% and after that, it show success in status bar and notthing ...

from logontracer.

@tatdatpham After importing EVTX, you need to reload the web browser.

from logontracer.

@jared703 Are you able to get the UI to load? I had that problem initially and after waiting for a minute or two (literally) and hitting refresh on the browser the UI loaded. Using Chromium on Ubuntu 16.04

from logontracer.

@wh1t3-n01s3 I could before i pulled down the latest docker build, but after updating I can't get it to load at all. My setup was on OSX using Chrome.

from logontracer.

If you run netstat do you see port 8080 listening? On the new docker image after pulling the new one I had to kill the docker container, restart it, then wait a couple minutes before I saw port 8080 listening.

from logontracer.

@wh1t3-n01s3 seems to be working now. Had to take @hollow1's approach though.

from logontracer.

@tatdatpham Fixed a bug where the parse status over 100%.

from logontracer.

Fixed a issue that Web UI can not be used due to limitation of the number of simultaneous accesses of neo4j.
If you can not import the EXTX file, please add a new issue.

For information on how to import EVTX files, please refer to the following URL.
https://github.com/JPCERTCC/LogonTracer/wiki/How-to-Use
for Docker
https://github.com/JPCERTCC/LogonTracer/wiki/jump-start-with-docker

from logontracer.