Comments (16)
@unixfox but you already can do that. Can you please be more specific about what you need/want.
I want to analyse logs from multiple sensors in the main web interface (Server), but I didn't find any documentation about that.
Are multiple sensors (e.g. one sensor per interface) being run on the same machine or on different ones? If on different ones, you can use LOG_SERVER for setting the collecting address where sensors should send their data to. That should be the same machine as the server itself.
Minor update:
LOG_SERVER should point to the collecting machine (same where server.py is being run)
UDP_ADDRESS should be the listening address (leave it to 0.0.0.0)
Two sensors on two different machines and one main web interface on one machine.
I'll try, thank you!
I'll most probably rename UDP_ADDRESS to something like: LOG_ADDRESS
I tried to configure sensors and server but the web interface returns no information.
The Chrome console shows: Failed to load resource: the server responded with a status of 404 (Not Found) : https://x.x.x.x:8338/events?date=2015-12-18
Config file on the first machine (one sensor): https://paste.unixfox.eu/ixegupuvob.
Config file on the second machine (with one sensor and the web interface): https://paste.unixfox.eu/vetejumora.
What have I done wrong?
Looks ok. That 404 just means that there are no events for that date.
Can you please do the test ping on the remote sensor (https://paste.unixfox.eu/ixegupuvob) and recheck the web interface on the server:
ping -c 1 136.161.101.53
I've already tried it but the web interface doesn't find any event.
When I do cat /var/log/maltrail/$(date +"%Y-%m-%d").log, the terminal returns strange logs:
"2015-12-17 19:09:42.923035" vps07 x.x.x.x 30640 x.x.x.x 25900 TCP IP x.x.x.x "potential port scanning" (heuristic)
"2015-12-17 19:09:43.019070" vps07 x.x.x.x 36626 x.x.x.x 25901 TCP IP x.x.x.x "potential port scanning" (heuristic)
"2015-12-17 19:09:42.843072" vps07 x.x.x.x 26071 x.x.x.x 25501 TCP IP x.x.x.x "potential port scanning" (heuristic)
My logs are full of false positives because the IP of the attacker comes from the machine hosting my second sensor.
When you set up the remote sensor and server then the server's log files should be filled. I don't know where, in your case, you found that /var/log/maltrail/$(date +"%Y-%m-%d").log. Also, the ping I've mentioned should produce the conficker warning at the server logs.
As for false positives, I am not sure that I understand what's going on in your case. From what I can see there are lots of connections on different ports going on in those logs.
Ok, I found a strange bug: sensors are using UTC but the python server is using the default time zone (CEST), so when I visited the web interface it returned the 2015-12-18 date for me.
Is it possible to whitelist an IP on the sensors?
Whitelisting is possible. First please update to the latest revision.
There is a new option in maltrail.conf called USER_WHITELIST. Just add the IPs there.
P.S. with the latest revision there should not be 404s any more for empty date event data
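An added example (not part of this thread or of maltrail's own code) covering the two points raised above: it parses sensor log lines in the format pasted earlier, drops events whose source or trail address falls in an IP/CIDR whitelist in the spirit of USER_WHITELIST, and shows how a sensor timestamp written in UTC lands in a different date bucket on a server whose local zone is assumed to be UTC+1, which is the kind of mismatch behind the empty 2015-12-18 query. The sample lines, addresses and the server offset are constructed for the example.

```python
import re
import ipaddress
from datetime import datetime, timezone, timedelta

# Constructed sample in the line format pasted in the thread; the addresses are
# documentation-range placeholders, not values from the original logs.
SAMPLE_LOG = """\
"2015-12-17 19:09:42.923035" vps07 192.0.2.10 30640 203.0.113.5 25900 TCP IP 192.0.2.10 "potential port scanning" (heuristic)
"2015-12-17 19:09:43.019070" vps07 192.0.2.10 36626 203.0.113.5 25901 TCP IP 192.0.2.10 "potential port scanning" (heuristic)
"2015-12-17 23:30:05.000000" vps07 198.51.100.7 40001 203.0.113.5 22 TCP IP 198.51.100.7 "potential port scanning" (heuristic)
"""

# Fields as they appear in the pasted lines: quoted timestamp, sensor name,
# src ip/port, dst ip/port, protocol, trail type, trail, quoted info, (reference).
LINE_RE = re.compile(
    r'^"(?P<ts>[^"]+)" (?P<sensor>\S+) (?P<src_ip>\S+) (?P<src_port>\d+) '
    r'(?P<dst_ip>\S+) (?P<dst_port>\d+) (?P<proto>\S+) (?P<type>\S+) '
    r'(?P<trail>\S+) "(?P<info>[^"]*)" \((?P<ref>[^)]*)\)$'
)


def parse_log(text):
    """Parse sensor log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            # Sensors write timestamps in UTC (as reported in the thread).
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
            events.append(ev)
    return events


def apply_whitelist(events, whitelist):
    """Drop events whose source or trail address is inside a whitelisted IP or CIDR."""
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]

    def allowed(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:  # trail may be a domain or URL, never whitelisted here
            return False
        return any(ip in n for n in nets)

    return [ev for ev in events if not (allowed(ev["src_ip"]) or allowed(ev["trail"]))]


def date_buckets(event, server_utc_offset_hours):
    """Return (sensor UTC date, server local date); when they differ, a query for the
    server's 'today' looks in a per-day file the sensor has not written under that name."""
    local_tz = timezone(timedelta(hours=server_utc_offset_hours))
    return event["ts"].date().isoformat(), event["ts"].astimezone(local_tz).date().isoformat()
```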
@unixfox please update now (haven't pushed till this moment)
@stamparm Okay, I'll try the new update!
@unixfox ok now?
@stamparm Everything is working well, thank you so much!