Trying to tail alerts.sqlite

[jeanlk15]

I am trying to tail -c +1 -f /opt/FalconGate/logs/alerts.sqlite, but seems not to be working, i suppose i want to push the output to a port instead of email.. any idea why this command fails ?

[A3sal0n]

Currently we store the alerts only in the file "alerts.sqlite" which is an Sqlite binary database (https://www.sqlite.org/index.html). If you'd like to read this file you will need a sqlite client. You can install sqlite3 in your RPi using the commands below:

$ sudo apt-get update $ sudo apt-get install sqlite3 -y

Once installed you could for example display all the entries in the "alerts.sqlite" database with the command below.

$ sqlite3 alerts.sqlite "SELECT * FROM alerts;"

You could then schedule a task to write this output to a plain text file or do some other processing with it. We have in our future plans to implement shipping logs to a remote syslog server for example but this is currently not among our priorities.

[jeanlk15]

as Standalone Email was not sending even though I have ssmtp set up and I can email from the Rpi, seems this is not working. I think thats where i decided to try the tail command. Is there something I must setup for Email of the alerts to happen ? ( other than put in the GUI Alert Receipients )

[A3sal0n]

The issue with the "standalone" emails is that they're not trusted and very often blocked or flagged as spam by many email providers like Google, Microsoft, etc. You could look in your spam folder to check if the alerts are not there.

We have two additional options for alerting as you can see in the screenshot below. The first is using a dedicated Gmail account and the second is using our cloud service.

Our cloud alerting service is free for up to 20 alerts per day but you must first register to obtain an API key: http://eepurl.com/cHtpQj. Once you will receive the key from us you can configure it in your administration web console.

[jeanlk15]

how is it with the new current github thumbnails - images are blocked ? see link https://ibb.co/bRWGg7 and older SD I have of some older version of falcongate is ok ?

For StandAlone Email where is the configuration to put our mail server etc ?

[A3sal0n]

Hi, The available OS image has an older version of Falcongate. It's ok to work with it but you won't have newer features available like the network traffic statistics per destination country. Could you share an example URL of one of the thumbnails blocked? It's possible that one or more of the open Threat Intel sources we query blacklisted it.

The standalone option for email alerts doesn't require you to configure an email server. You should provide just your recipient email address(es) in the field "Alert recipients". Multiple addresses should be separated by commas.

[jeanlk15]

Hi, Yes the current image shows nothing on statistics per destination country, does it need to work for a while to pick up a lot of data ? I have only 2 PCs here.

An image I see blocked is this one https://avatars1.githubusercontent.com/u/16090458?s=88&v=4 , which is also here as an image https://ibb.co/bRWGg7

Standalone email does not work, I have installed ssmtp, does that maybe cause an issue ? how can i configure the default email sending program ?

[A3sal0n]

It usually takes approximately 1hr until you will see traffic statistics in that dashboard. We calculate the stats every hour.

Thanks for sharing GitHub's url that gets blocked. This is indeed a false positive introduced by one of our open source feeds. We will fix this issue asap.

It's not possible for us to troubleshoot the issue with your standalone emails since we don't have access to your box. I recommend reinstalling your Falcongate system if the issue persists. If the issue continues even after reinstalling please let us know and we will look into it.

[jeanlk15]

If it works default install with stand alone email i will try again. I always need to setup some outgoing settings for my email smtp server ports, usernames etc.. a linux box is just a box without the email settings :) will never send anything as far as I know outside its own box

Sure, I will point out anything I see is odd, glad to help such a nice project

[A3sal0n]

Thanks for your feedback!