Unable to start isc-agent on fully updated pi 5 #287

Open
sbreaksalot opened this issue Feb 12, 2024 · 7 comments

@sbreaksalot

sbreaksalot commented Feb 12, 2024

I used the manual here to install dshield on a Raspberry Pi 5.
The Raspberry Pi 5 was fully updated and running the latest Pi OS Lite.
There is a naming resolution error in the log, but the Pi can ping websites.
I've reinstalled twice now, I get the same error.

status.txt
error.txt

@sbreaksalot changed the title from "Unbale to start isc-agent on fully updated pi 5" to "Unable to start isc-agent on fully updated pi 5" on Feb 12, 2024

@jullrich
Contributor

Looks like your system has trouble resolving "www4.dshield.org".

Could you try the following command?

curl https://www4.dshield.org/api/myip

It should return your IP address if all works well.

@sbreaksalot
Author

sbreaksalot commented Feb 12, 2024

It returns my IP indeed.
The logs are uploaded. I can see them in my account.
But the status shows the agent as not running.

@jullrich
Contributor

Try a reboot. The "agent" will affect only the weblogs. If the agent doesn't run after a reboot, check:

https://github.com/DShield-ISC/dshield/blob/main/docs/install-instructions/troubleshooting.md

@sbreaksalot
Author

sbreaksalot commented Feb 12, 2024

I tried the troubleshooting steps you provided. The isc-agent.err still gives the same error.
isc-agent is still not running.
Starting the agent with isc-agent.py gives this output:

DEBUG :: 2024-02-12 21:42:44,952 :: <PID 1435:MainProcess> :: main :: L:13 :: ISC Agent starting
DEBUG :: 2024-02-12 21:42:45,163 :: <PID 1435:MainProcess> :: urllib3.connectionpool :: L:1019 :: Starting new HTTPS connection (1): www.dshield.org:443
DEBUG :: 2024-02-12 21:42:45,652 :: <PID 1435:MainProcess> :: urllib3.connectionpool :: L:474 :: https://www.dshield.org:443 "GET /api/honeypotrules/ HTTP/1.1" 200 None
DEBUG :: 2024-02-12 21:42:45,755 :: <PID 1435:MainProcess> :: plugins.tcp.http.main :: L:105 :: []
DEBUG :: 2024-02-12 21:42:45,756 :: <PID 1435:MainProcess> :: urllib3.connectionpool :: L:1019 :: Starting new HTTPS connection (1): www.dshield.org:443
DEBUG :: 2024-02-12 21:42:46,244 :: <PID 1435:MainProcess> :: urllib3.connectionpool :: L:474 :: https://www.dshield.org:443 "GET /api/honeypotrules/ HTTP/1.1" 200 None
INFO :: 2024-02-12 21:42:46,340 :: <PID 1435:MainProcess> :: plugins.tcp.http.main :: L:179 :: 8000
INFO :: 2024-02-12 21:42:46,342 :: <PID 1435:MainProcess> :: main :: L:18 :: Plugin http activated
DEBUG :: 2024-02-12 21:42:46,342 :: <PID 1435:MainProcess> :: main :: L:19 :: http options: {'protocol': 'tcp', 'name': 'http', 'http_ports': [8000], 'https_ports': [8443], 'submit_logs_rate': 300}

@jullrich
Contributor

The output from isc-agent.py looks good. No error shown.

The error.txt file above shows that the name resolution for www4.dshield.org fails. Which is odd... in particular if the curl request for https://www4.dshield.org/api/myip succeeds. The root cause appears to be DNS. I can't come up with a scenario right now that would cause DNS to fail for the isc-agent, but not for "curl".

Maybe try to add a host file entry. Add this line to /etc/hosts on the Raspberry Pi:

159.223.154.178 www4.dshield.org

@sbreaksalot
Author

Adding the IP to the hosts file doesn't resolve the issue.
"Network is unreachable" is the error now in the agent log.

@sbreaksalot
Author

Reinstalled on a Pi 3, works just fine.
