JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

logontracer.py start not working #62

Closed brandonstephens922 closed 4 years ago

brandonstephens922 commented 4 years ago

Trying to install on a fresh Ubuntu image.

Please see below for the error:

Traceback (most recent call last):
  File "logontracer.py", line 41, in <module>
    import changefinder
  File "/home/uba9/.local/lib/python3.5/site-packages/changefinder/__init__.py", line 2, in <module>
    import statsmodels.api as sm
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/api.py", line 3, in <module>
    from . import iolib
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/iolib/__init__.py", line 1, in <module>
    from .foreign import StataReader, genfromdta, savetxt
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/iolib/foreign.py", line 14, in <module>
    from statsmodels.compat.python import (zip, lzip, lmap, lrange, string_types, long, lfilter,
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/compat/__init__.py", line 1, in <module>
    from statsmodels.tools._testing import PytestTester
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/tools/__init__.py", line 1, in <module>
    from .tools import addconstant, categorical
  File "/home/uba9/.local/lib/python3.5/site-packages/statsmodels/tools/tools.py", line 7, in <module>
    import pandas as pd
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/__init__.py", line 55, in <module>
    from pandas.core.api import (
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/api.py", line 5, in <module>
    from pandas.core.arrays.integer import (
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/arrays/__init__.py", line 1, in <module>
    from .array_ import array  # noqa: F401
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/arrays/array_.py", line 7, in <module>
    from pandas.core.dtypes.common import (
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/dtypes/common.py", line 11, in <module>
    from pandas.core.dtypes.dtypes import (
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/dtypes/dtypes.py", line 53, in <module>
    class Registry:
  File "/home/uba9/.local/lib/python3.5/site-packages/pandas/core/dtypes/dtypes.py", line 84, in Registry
    self, dtype: Union[Type[ExtensionDtype], str]
  File "/usr/lib/python3.5/typing.py", line 552, in __getitem__
    dict(self.__dict__), parameters, _root=True)
  File "/usr/lib/python3.5/typing.py", line 512, in __new__
    for t2 in all_params - {t1} if not isinstance(t2, TypeVar)):
  File "/usr/lib/python3.5/typing.py", line 512, in <genexpr>
    for t2 in all_params - {t1} if not isinstance(t2, TypeVar)):
  File "/usr/lib/python3.5/typing.py", line 1077, in __subclasscheck__
    if super().__subclasscheck__(cls):
  File "/usr/lib/python3.5/abc.py", line 225, in __subclasscheck__
    for scls in cls.__subclasses__():
TypeError: descriptor '__subclasses__' of 'type' object needs an argument

shu-tom commented 4 years ago

This issue may occur in Python 3.5.2 and earlier. Please update Python3.

brandonstephens922 commented 4 years ago

Upgrading to python 3.6.8 and will post results after testing.

brandonstephens922 commented 4 years ago

OK, I have upgraded to python 3.6.8

Now I am working through the following issue:

pip3 install -r LogonTracer/requirements.txt
Collecting numpy (from -r LogonTracer/requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/d2/ab/43e678759326f728de861edbef34b8e2ad1b1490505f20e0d1f0716c3bf4/numpy-1.17.4-cp36-cp36m-manylinux1_x86_64.whl (20.0MB)
    100% |████████████████████████████████| 20.0MB 69kB/s
Collecting py2neo==3.1.2 (from -r LogonTracer/requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/b1/ad/f482d5750fb01429dc38d9caf6a4541d5090962621209a82d6289748e8da/py2neo-3.1.2.tar.gz (100kB)
    100% |████████████████████████████████| 102kB 6.0MB/s
Collecting python-evtx (from -r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/3d/d5/063da3356f0358b4c6d15be6485a36be69447e90bf8056a6c7d2327b6d07/python_evtx-0.6.1-py3-none-any.whl
Collecting lxml (from -r LogonTracer/requirements.txt (line 4))
  Downloading https://files.pythonhosted.org/packages/ec/be/5ab8abdd8663c0386ec2dd595a5bc0e23330a0549b8a91e32f38c20845b6/lxml-4.4.1-cp36-cp36m-manylinux1_x86_64.whl (5.8MB)
    100% |████████████████████████████████| 5.8MB 251kB/s
Collecting scipy==1.2.1 (from -r LogonTracer/requirements.txt (line 5))
  Downloading https://files.pythonhosted.org/packages/7f/5f/c48860704092933bf1c4c1574a8de1ffd16bf4fde8bab190d747598844b2/scipy-1.2.1-cp36-cp36m-manylinux1_x86_64.whl (24.8MB)
    100% |████████████████████████████████| 24.8MB 55kB/s
Collecting changefinder (from -r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/42/2a/d0ea4c5a1a042c1dd503890615ddd20d1ae3c671b2f70e118abda29ef243/changefinder-0.03.tar.gz
Collecting flask (from -r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/9b/93/628509b8d5dc749656a9641f4caf13540e2cdec85276964ff8f43bbb1d3b/Flask-1.1.1-py2.py3-none-any.whl (94kB)
    100% |████████████████████████████████| 102kB 7.0MB/s
Collecting hmmlearn (from -r LogonTracer/requirements.txt (line 8))
  Downloading https://files.pythonhosted.org/packages/d7/c5/91b43156b193d180ed94069269bcf88d3c7c6e54514a8482050fa9995e10/hmmlearn-0.2.2.tar.gz (146kB)
    100% |████████████████████████████████| 153kB 5.2MB/s
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-j50px294/hmmlearn/setup.py", line 18, in <module>
        raise ImportError("setuptools>=36.2 is required")
    ImportError: setuptools>=36.2 is required
    Error in sys.excepthook:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook
        from apport.fileutils import likely_packaged, get_recent_crashes
      File "/usr/lib/python3/dist-packages/apport/__init__.py", line 5, in <module>
        from apport.report import Report
      File "/usr/lib/python3/dist-packages/apport/report.py", line 30, in <module>
        import apport.fileutils
      File "/usr/lib/python3/dist-packages/apport/fileutils.py", line 23, in <module>
        from apport.packaging_impl import impl as packaging
      File "/usr/lib/python3/dist-packages/apport/packaging_impl.py", line 23, in <module>
        import apt
      File "/usr/lib/python3/dist-packages/apt/__init__.py", line 23, in <module>
        import apt_pkg
    ModuleNotFoundError: No module named 'apt_pkg'

Original exception was:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-build-j50px294/hmmlearn/setup.py", line 18, in <module>
    raise ImportError("setuptools>=36.2 is required")
ImportError: setuptools>=36.2 is required

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-j50px294/hmmlearn/

brandonstephens922 commented 4 years ago

After installing setuptools, the next error appears:

pip3 install -r LogonTracer/requirements.txt
Collecting numpy (from -r LogonTracer/requirements.txt (line 1))
  Using cached https://files.pythonhosted.org/packages/d2/ab/43e678759326f728de861edbef34b8e2ad1b1490505f20e0d1f0716c3bf4/numpy-1.17.4-cp36-cp36m-manylinux1_x86_64.whl
Collecting py2neo==3.1.2 (from -r LogonTracer/requirements.txt (line 2))
  Using cached https://files.pythonhosted.org/packages/b1/ad/f482d5750fb01429dc38d9caf6a4541d5090962621209a82d6289748e8da/py2neo-3.1.2.tar.gz
Collecting python-evtx (from -r LogonTracer/requirements.txt (line 3))
  Using cached https://files.pythonhosted.org/packages/3d/d5/063da3356f0358b4c6d15be6485a36be69447e90bf8056a6c7d2327b6d07/python_evtx-0.6.1-py3-none-any.whl
Collecting lxml (from -r LogonTracer/requirements.txt (line 4))
  Using cached https://files.pythonhosted.org/packages/ec/be/5ab8abdd8663c0386ec2dd595a5bc0e23330a0549b8a91e32f38c20845b6/lxml-4.4.1-cp36-cp36m-manylinux1_x86_64.whl
Collecting scipy==1.2.1 (from -r LogonTracer/requirements.txt (line 5))
  Using cached https://files.pythonhosted.org/packages/7f/5f/c48860704092933bf1c4c1574a8de1ffd16bf4fde8bab190d747598844b2/scipy-1.2.1-cp36-cp36m-manylinux1_x86_64.whl
Collecting changefinder (from -r LogonTracer/requirements.txt (line 6))
  Using cached https://files.pythonhosted.org/packages/42/2a/d0ea4c5a1a042c1dd503890615ddd20d1ae3c671b2f70e118abda29ef243/changefinder-0.03.tar.gz
Collecting flask (from -r LogonTracer/requirements.txt (line 7))
  Using cached https://files.pythonhosted.org/packages/9b/93/628509b8d5dc749656a9641f4caf13540e2cdec85276964ff8f43bbb1d3b/Flask-1.1.1-py2.py3-none-any.whl
Collecting hmmlearn (from -r LogonTracer/requirements.txt (line 8))
  Using cached https://files.pythonhosted.org/packages/d7/c5/91b43156b193d180ed94069269bcf88d3c7c6e54514a8482050fa9995e10/hmmlearn-0.2.2.tar.gz
Collecting scikit-learn==0.19.2 (from -r LogonTracer/requirements.txt (line 9))
  Downloading https://files.pythonhosted.org/packages/f9/c8/8db4108aba5e2166cd2ea4eafa1a4b82f89240a1fa85733029cc2358ad1f/scikit_learn-0.19.2-cp36-cp36m-manylinux1_x86_64.whl (4.9MB)
    100% |████████████████████████████████| 4.9MB 277kB/s
Collecting six (from python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/65/26/32b8464df2a97e6dd1b656ed26b2c194606c16fe163c695a992b36c11cdf/six-1.13.0-py2.py3-none-any.whl
Collecting pytest-cov (from python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/b9/54/3673ee8be482f81527678ac894276223b9814bb7262e4f730469bb7bf70e/pytest_cov-2.8.1-py2.py3-none-any.whl
Collecting pytest (from python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/93/16/f6dec5178f5f4141e80dfc4812a9aba88f5f29ca881f174ab1851181d016/pytest-5.2.2-py3-none-any.whl (227kB)
    100% |████████████████████████████████| 235kB 4.4MB/s
Collecting hexdump (from python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/55/b3/279b1d57fa3681725d0db8820405cdcb4e62a9239c205e4ceac4391c78e4/hexdump-3.3.zip
Collecting statsmodels (from changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/60/d6/e9859e68e7d6c916fdff7d8e0958a7f5813485c52fc20d061273eaaddb0c/statsmodels-0.10.1-cp36-cp36m-manylinux1_x86_64.whl (8.1MB)
    100% |████████████████████████████████| 8.1MB 168kB/s
Collecting nose (from changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/15/d8/dd071918c040f50fa1cf80da16423af51ff8ce4a0f2399b7bf8de45ac3d9/nose-1.3.7-py3-none-any.whl (154kB)
    100% |████████████████████████████████| 163kB 5.5MB/s
Collecting Jinja2>=2.10.1 (from flask->-r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/65/e0/eb35e762802015cab1ccee04e8a277b03f1d8e53da3ec3106882ec42558b/Jinja2-2.10.3-py2.py3-none-any.whl (125kB)
    100% |████████████████████████████████| 133kB 6.4MB/s
Collecting Werkzeug>=0.15 (from flask->-r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/ce/42/3aeda98f96e85fd26180534d36570e4d18108d62ae36f87694b476b83d6f/Werkzeug-0.16.0-py2.py3-none-any.whl (327kB)
    100% |████████████████████████████████| 327kB 3.3MB/s
Collecting itsdangerous>=0.24 (from flask->-r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/76/ae/44b03b253d6fade317f32c24d100b3b35c2239807046a4c953c7b89fa49e/itsdangerous-1.1.0-py2.py3-none-any.whl
Collecting click>=5.1 (from flask->-r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/fa/37/45185cb5abbc30d7257104c434fe0b07e5a195a6847506c074527aa599ec/Click-7.0-py2.py3-none-any.whl (81kB)
    100% |████████████████████████████████| 81kB 7.4MB/s
Collecting coverage>=4.4 (from pytest-cov->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/51/b1/13609068fff1c8c056f0c4601ad6985cf5c1bbfc529196ab08bd2a57dc39/coverage-4.5.4-cp36-cp36m-manylinux1_x86_64.whl (205kB)
    100% |████████████████████████████████| 215kB 4.8MB/s
Collecting pluggy<1.0,>=0.12 (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/92/c7/48439f7d5fd6bddb4c04b850bb862b42e3e2b98570040dfaf68aedd8114b/pluggy-0.13.0-py2.py3-none-any.whl
Collecting packaging (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/cf/94/9672c2d4b126e74c4496c6b3c58a8b51d6419267be9e70660ba23374c875/packaging-19.2-py2.py3-none-any.whl
Collecting importlib-metadata>=0.12; python_version < "3.8" (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/f6/d2/40b3fa882147719744e6aa50ac39cf7a22a913cbcba86a0371176c425a3b/importlib_metadata-0.23-py2.py3-none-any.whl
Collecting py>=1.5.0 (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/76/bc/394ad449851729244a97857ee14d7cba61ddb268dce3db538ba2f2ba1f0f/py-1.8.0-py2.py3-none-any.whl (83kB)
    100% |████████████████████████████████| 92kB 8.2MB/s
Collecting wcwidth (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/7e/9f/526a6947247599b084ee5232e4f9190a38f398d7300d866af3ab571a5bfe/wcwidth-0.1.7-py2.py3-none-any.whl
Collecting more-itertools>=4.0.0 (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/45/dc/3241eef99eb45f1def35cf93af35d1cf9ef4c0991792583b8f33ea41b092/more_itertools-7.2.0-py3-none-any.whl (57kB)
    100% |████████████████████████████████| 61kB 7.4MB/s
Collecting attrs>=17.4.0 (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/a2/db/4313ab3be961f7a763066401fb77f7748373b6094076ae2bda2806988af6/attrs-19.3.0-py2.py3-none-any.whl
Collecting atomicwrites>=1.0 (from pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/52/90/6155aa926f43f2b2a22b01be7241be3bfd1ceaf7d0b3267213e8127d41f4/atomicwrites-1.3.0-py2.py3-none-any.whl
Collecting pandas>=0.19 (from statsmodels->changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/52/3f/f6a428599e0d4497e1595030965b5ba455fd8ade6e977e3c819973c4b41d/pandas-0.25.3-cp36-cp36m-manylinux1_x86_64.whl (10.4MB)
    100% |████████████████████████████████| 10.4MB 134kB/s
Collecting patsy>=0.4.0 (from statsmodels->changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/ea/0c/5f61f1a3d4385d6bf83b83ea495068857ff8dfb89e74824c6e9eb63286d8/patsy-0.5.1-py2.py3-none-any.whl (231kB)
    100% |████████████████████████████████| 235kB 4.5MB/s
Collecting MarkupSafe>=0.23 (from Jinja2>=2.10.1->flask->-r LogonTracer/requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl
Collecting pyparsing>=2.0.2 (from packaging->pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/c0/0c/fc2e007d9a992d997f04a80125b0f183da7fb554f1de701bbb70a8e7d479/pyparsing-2.4.5-py2.py3-none-any.whl (67kB)
    100% |████████████████████████████████| 71kB 8.1MB/s
Collecting zipp>=0.5 (from importlib-metadata>=0.12; python_version < "3.8"->pytest->python-evtx->-r LogonTracer/requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/74/3d/1ee25a26411ba0401b43c6376d2316a71addcc72ef8690b101b4ea56d76a/zipp-0.6.0-py2.py3-none-any.whl
Collecting pytz>=2017.2 (from pandas>=0.19->statsmodels->changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/e7/f9/f0b53f88060247251bf481fa6ea62cd0d25bf1b11a87888e53ce5b7c8ad2/pytz-2019.3-py2.py3-none-any.whl (509kB)
    100% |████████████████████████████████| 512kB 2.5MB/s
Collecting python-dateutil>=2.6.1 (from pandas>=0.19->statsmodels->changefinder->-r LogonTracer/requirements.txt (line 6))
  Downloading https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl (227kB)
    100% |████████████████████████████████| 235kB 4.7MB/s
Building wheels for collected packages: py2neo, changefinder, hmmlearn, hexdump
  Running setup.py bdist_wheel for py2neo ... done
  Stored in directory: /home/uba9/.cache/pip/wheels/c9/6a/2d/17b797779377ef67241158c1e463883bee65ed4c948b1c8825
  Running setup.py bdist_wheel for changefinder ... done
  Stored in directory: /home/uba9/.cache/pip/wheels/ab/1c/de/3c0c0e4a6ee252b83ae19b252f3ae4f0a8ba4799c253afbd92
  Running setup.py bdist_wheel for hmmlearn ... error
  Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-eatu2xem/hmmlearn/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmpioniw1obpip-wheel- --python-tag cp36:
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/lib.linux-x86_64-3.6
  creating build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/__init__.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/utils.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/stats.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/_version.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/_utils.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/base.py -> build/lib.linux-x86_64-3.6/hmmlearn
  copying lib/hmmlearn/hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn
  creating build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_gmm_hmm_new.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_gmm_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_gaussian_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/__init__.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_base.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/conftest.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_multinomial_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  copying lib/hmmlearn/tests/test_utils.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
  running build_ext
  lib/hmmlearn/_hmmc.c:17:20: fatal error: Python.h: No such file or directory
  compilation terminated.
  error: Command "x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/tmp/pip-build-eatu2xem/hmmlearn/.eggs/numpy-1.17.4-py3.6-linux-x86_64.egg/numpy/core/include -I/usr/include/python3.6m -c lib/hmmlearn/_hmmc.c -o build/temp.linux-x86_64-3.6/lib/hmmlearn/_hmmc.o" failed with exit status 1

  ----------------------------------------
  Failed building wheel for hmmlearn
  Running setup.py clean for hmmlearn
  Running setup.py bdist_wheel for hexdump ... done
  Stored in directory: /home/uba9/.cache/pip/wheels/d5/d1/f2/c8183b5863b3df595c2eeafd8e015a43dae13d403a959467c6
Successfully built py2neo changefinder hexdump
Failed to build hmmlearn
Installing collected packages: numpy, py2neo, six, more-itertools, zipp, importlib-metadata, pluggy, pyparsing, packaging, py, wcwidth, attrs, atomicwrites, pytest, coverage, pytest-cov, hexdump, python-evtx, lxml, scipy, pytz, python-dateutil, pandas, patsy, statsmodels, nose, changefinder, MarkupSafe, Jinja2, Werkzeug, itsdangerous, click, flask, scikit-learn, hmmlearn
  Running setup.py install for hmmlearn ... error
    Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-eatu2xem/hmmlearn/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-sn2n8uo8-record/install-record.txt --single-version-externally-managed --compile --user --prefix=:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.6
    creating build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/__init__.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/utils.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/stats.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/_version.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/_utils.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/base.py -> build/lib.linux-x86_64-3.6/hmmlearn
    copying lib/hmmlearn/hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn
    creating build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_gmm_hmm_new.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_gmm_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_gaussian_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/__init__.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_base.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/conftest.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_multinomial_hmm.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    copying lib/hmmlearn/tests/test_utils.py -> build/lib.linux-x86_64-3.6/hmmlearn/tests
    running build_ext
    lib/hmmlearn/_hmmc.c:17:20: fatal error: Python.h: No such file or directory
    compilation terminated.
    error: Command "x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/home/uba9/.local/lib/python3.6/site-packages/numpy/core/include -I/usr/include/python3.6m -c lib/hmmlearn/_hmmc.c -o build/temp.linux-x86_64-3.6/lib/hmmlearn/_hmmc.o" failed with exit status 1

    ----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-eatu2xem/hmmlearn/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-sn2n8uo8-record/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-build-eatu2xem/hmmlearn/

brandonstephens922 commented 4 years ago

OK, it seems after running "sudo apt-get install python3.6-dev" all needed components have been installed and the pip3 install requirements.txt command is working. localhost:8080 is loading properly.

Recommendation is to include required python version and packages in documentation. Thank you.

brandonstephens922 commented 4 years ago

There still seems to be an issue with HMM. The file is uploaded but no graph or data is displayed:

[*] Script start. 2019/11/12 09:15:11
[*] Time zone is -4.
[*] Last record number is 206418.
[*] Start parsing the EVTX file.
[*] Parse the EVTX file /ubashare/Security.xml.
[*] Now loading 206400 records.
[*] Load finished.
[*] Total Event log is 206418.
[*] Calculate ChangeFinder.
[*] Calculate Hidden Markov Model.
/home/uba9/.local/lib/python3.6/site-packages/hmmlearn/hmm.py:412: RuntimeWarning: divide by zero encountered in log
  return np.log(self.emissionprob_)[:, np.concatenate(X)].T
[*] Calculate PageRank.
[*] Creating a graph data.
[*] Creation of a graph data finished.
[*] Script end. 2019/11/12 09:46:45

brandonstephens922 commented 4 years ago

Started from scratch and decided to use a more current version of python (3.7.3) and I am stuck here. Processing fails with these errors.

[*] Script start. 2019/11/13 10:45:19
[*] Time zone is -4.
[*] Last record number is 206418.
[*] Start parsing the EVTX file.
[*] Parse the EVTX file /ubashare/Security.xml.
[*] Now loading 206400 records.
[*] Load finished.
[*] Total Event log is 206418.
[*] Calculate ChangeFinder.
[*] Calculate Hidden Markov Model.
/home/uba9/.local/lib/python3.7/site-packages/hmmlearn/hmm.py:412: RuntimeWarning: divide by zero encountered in log
  return np.log(self.emissionprob_)[:, np.concatenate(X)].T
[*] Calculate PageRank.
[*] Creating a graph data.
LogonTracer/logontracer.py:956: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_ip, {"IP": ipaddress, "rank": ranks[ipaddress], "hostname": hostname})
LogonTracer/logontracer.py:989: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "detect": ",".join(map(str, detects[i]))})
LogonTracer/logontracer.py:994: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_domain, {"domain": domain})
LogonTracer/logontracer.py:999: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "status": events["status"], "count": events["count"], "authname": events["authname"], "date": events["date"]})
LogonTracer/logontracer.py:1003: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_dr, {"user": username[:-1], "domain": domain})
LogonTracer/logontracer.py:1007: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "end": datetime.datetime(endtime.timetuple()[:4]).strftime("%Y-%m-%d %H:%M:%S")})
[*] Creation of a graph data finished.
[*] Script end. 2019/11/13 11:15:20

brandonstephens922 commented 4 years ago

There looks to be data in the database but LogonTracer:8080 is not populating any data. All searches are failing. Sorry, meant to put that in the last post.

shu-tom commented 4 years ago

This error message indicates a neo4j database connection failure. What is your neo4j version?

brandonstephens922 commented 4 years ago

neo4j-community-3.5.12

brandonstephens922 commented 4 years ago

I have completely removed neo4j from the system and reinstalled from a new package. All issues remain present. Please see output below:

python3 LogonTracer/logontracer.py -e testing3.evtx -z -4 -u neo4j -p **** -s localhost
[*] Script start. 2019/11/14 08:30:47
[*] Time zone is -4.
[*] Last record number is 29748.
[*] Start parsing the EVTX file.
[*] Parse the EVTX file testing3.evtx.
[*] Now loading 29700 records.
[*] Load finished.
[*] Total Event log is 29748.
[*] Calculate ChangeFinder.
[*] Calculate Hidden Markov Model.
/home/uba9/.local/lib/python3.7/site-packages/hmmlearn/hmm.py:412: RuntimeWarning: divide by zero encountered in log
  return np.log(self.emissionprob_)[:, np.concatenate(X)].T
[*] Calculate PageRank.
[*] Creating a graph data.
LogonTracer/logontracer.py:956: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_ip, {"IP": ipaddress, "rank": ranks[ipaddress], "hostname": hostname})
LogonTracer/logontracer.py:989: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "detect": ",".join(map(str, detects[i]))})
LogonTracer/logontracer.py:994: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_domain, {"domain": domain})
LogonTracer/logontracer.py:999: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "status": events["status"], "count": events["count"], "authname": events["authname"], "date": events["date"]})
LogonTracer/logontracer.py:1003: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  tx.append(statement_dr, {"user": username[:-1], "domain": domain})
LogonTracer/logontracer.py:1007: DeprecationWarning: Transaction.append(...) is deprecated, use Transaction.run(...) instead
  "end": datetime.datetime(endtime.timetuple()[:4]).strftime("%Y-%m-%d %H:%M:%S")})
[*] Creation of a graph data finished.
[*] Script end. 2019/11/14 08:35:00

Once again, there is data in the database but the LogonTracer:8080 page is unable to successfully run any searches.

shu-tom commented 4 years ago

py2neo may not support Python3.7. Python3.6 is OK.

brandonstephens922 commented 4 years ago

Thank you, I will move to 3.6 and try again.

brandonstephens922 commented 4 years ago

After moving to python3.6 some errors are no longer present but I still get the divide by zero error.

[*] Script start. 2019/11/14 10:00:45
[*] Time zone is -4.
[*] Last record number is 29748.
[*] Start parsing the EVTX file.
[*] Parse the EVTX file testing3.evtx.
[*] Now loading 29700 records.
[*] Load finished.
[*] Total Event log is 29748.
[*] Calculate ChangeFinder.
[*] Calculate Hidden Markov Model.
/home/uba9/.local/lib/python3.6/site-packages/hmmlearn/hmm.py:412: RuntimeWarning: divide by zero encountered in log
  return np.log(self.emissionprob_)[:, np.concatenate(X)].T
[*] Calculate PageRank.
[*] Creating a graph data.
[*] Creation of a graph data finished.
[*] Script end. 2019/11/14 10:05:19

Same issue still exists with search failing and no data present.

I am thinking at this point of scrapping the Ubuntu installation. This just doesn't seem to be compatible. Open to more testing if you have any additional thoughts.

brandonstephens922 commented 4 years ago

I have now tried as a last effort to delete all files and try the docker method on the same system. There is still some sort of communication problem between the webpage and the database. I am having the exact same error. I can see data in the database but running any search at all fails. Any last thoughts?

brandonstephens922 commented 4 years ago

Next finding: regardless of install method, browser being used, or Java version there is a connection issue. I have tried JRE 8 and JRE 11, and Chrome, Edge, IE, and Chromium on a Linux VM. All come back with the same errors.

neo4j-web.min.js:9 WebSocket connection to 'ws://127.0.0.1:7687/' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

shu-tom commented 4 years ago

Something is blocking access to WebSocket. Check the OS settings or neo4j config.
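An added pre-flight check, not code from the LogonTracer project, that turns what this thread established into a script a new install can run before uploading an EVTX: the Python version window (3.5.2 and earlier break on import, 3.7 is not supported by the pinned py2neo, 3.6 works), whether the pinned requirements actually import (hmmlearn silently ends up missing when Python.h was absent at build time), and whether the neo4j Bolt port the browser UI opens its WebSocket to (7687) is reachable. The pip-name to import-name mapping is mine, and port 7474 is assumed from the neo4j HTTP default rather than taken from the thread.

```python
"""LogonTracer environment pre-flight check (added example, not project code)."""
import importlib
import socket
import sys
from typing import Dict, List, Tuple

# pip package -> import name, for the requirements.txt pins seen in the thread.
# Assumption: these import names are mine, not copied from the project.
REQUIREMENTS: Dict[str, str] = {
    "numpy": "numpy",
    "py2neo": "py2neo",
    "python-evtx": "Evtx",
    "lxml": "lxml",
    "scipy": "scipy",
    "changefinder": "changefinder",
    "flask": "flask",
    "hmmlearn": "hmmlearn",
    "scikit-learn": "sklearn",
}

# 7687 is the Bolt endpoint the UI reached for over ws://127.0.0.1:7687 in the thread;
# 7474 is neo4j's HTTP port (assumed default, not from the thread).
NEO4J_PORTS: Dict[str, int] = {"neo4j bolt": 7687, "neo4j http": 7474}


def python_version_ok(version: Tuple[int, int, int] = sys.version_info[:3]) -> Tuple[bool, str]:
    """Apply the version window the maintainer stated in the thread:
    3.5.2 and earlier fail at import, 3.7 is unsupported by py2neo==3.1.2, 3.6 is OK."""
    major, minor, micro = version
    if (major, minor, micro) <= (3, 5, 2):
        return False, "Python %d.%d.%d is too old (typing bug at import); upgrade" % version
    if (major, minor) >= (3, 7):
        return False, "Python %d.%d is not supported by py2neo==3.1.2; use 3.6" % (major, minor)
    return True, "Python %d.%d.%d OK" % version


def missing_modules(requirements: Dict[str, str] = REQUIREMENTS) -> List[str]:
    """Return pip package names whose import fails. Any exception counts, because the
    thread's first failure was a TypeError raised while importing, not an ImportError."""
    missing = []
    for pkg, mod in requirements.items():
        try:
            importlib.import_module(mod)
        except Exception:
            missing.append(pkg)
    return missing


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connect to host:port succeeds. A refusal here is the server-side
    twin of the browser's net::ERR_CONNECTION_REFUSED on ws://127.0.0.1:7687."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(host: str = "127.0.0.1") -> Dict[str, object]:
    """Run all three checks and return a report dict (printed by the CLI below)."""
    ok, note = python_version_ok()
    return {
        "python_ok": ok,
        "python_note": note,
        "missing": missing_modules(),
        "ports": {name: port_open(host, p) for name, p in NEO4J_PORTS.items()},
    }


if __name__ == "__main__":
    report = preflight(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print(report["python_note"])
    for pkg in report["missing"]:
        print("missing: pip package %s does not import" % pkg)
    for name, up in report["ports"].items():
        print("%s: %s" % (name, "reachable" if up else "CLOSED/REFUSED"))
```

Run it on the host that serves the web UI; a CLOSED result for the Bolt port with data visibly in the database is exactly the symptom reported above.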