MISP Live Dashboard is working BAD

[b00lpy]

Work environment

Questions	Answers
Type of issue	Bug/Support
OS version (server)	Ubuntu
OS version (client)	10, Ubuntu, ...
PHP version	7.1
MISP version / git hash	latest
Browser	chrome/firefox

Expected behavior

When I publish events in ZMQ these should appear in MISP Live Dashboard, but nothing happens. And another problem is that the light is always red, I can't understand how to actual be sure MISP and its dashboard are communicating correctly and how to manage that relations

Steps to reproduce the behavior

Install misp, create an event, publish it also on ZMQ.

Logs, screenshots, configuration dump, ...

EDIT: A good thing would be the scrolling available in log view...

[mokaddem]

Could you try to run the diagnostic.py script? What's the output?

[b00lpy]

This is what I got:

(DASHENV) user@host:/var/www/misp-dashboard$ ./diagnostic.py
✔ Virtual environment and packages
✔ Configuration
✔ File permission
✔ Redis
✔ Zmq
✔ Processes status: Both processes are running
✖ Subscriber status: zmq_subscriber seems not to be working.
        ➥ Consider restarting it: 1821 /var/www/misp-dashboard/DASHENV/bin/python ./zmq_subscriber.py -n misp1 -u tcp://localhost:50000
✔ Buffer queue: Currently 0 items in the buffer
✔ Dispatcher status: Took 0.18s to complete
✔ Server listening: http://127.0.0.1:8001/_get_log_head reached. Status code [200]
✖ Server dynamic enpoint: Dynamic endpoint did not returned data in the given time (15sec)

Tried to do the ➥ Consider restarting it command but the output remains the same

[mokaddem]

Could you check in the logs if you have something unusual for the zmq_subscriber? Also checking inside the Misp_Dashboard screen under the subscriber window might be helpful.

[b00lpy]

Thank you! Found that zmq_subscriber.py needs to be manually started (thought that installation inserted also this inside the rc.local. Now i can upload events inside the dashboard, but i think this need also a lot of fixes:

1. Dashboard fullscren on Chrome keeps "dancing"
2. Geolocalization features not working good. Top location not shown and queries misses some events

[mokaddem]

In the CIRCL provided VM, you should have an entry for zmq_subsciberS.py, which will spawn zmq_subscriber.py processes according to your configuration; meaning, it should work out of the box. If it's not the case and you manage to found out why (or give us some pointer) it would help us a lot.

1. What do you mean by "dancing"?
2. Remember that the dashboard never ever do a query against MISP, the content is entirely based on the data received from the ZMQ channel. If the data was not send by MISP or the subscriber was not listening, you will miss it. Also the geolocation resolving is not performed on every attribute. If you are missing an attribute type, please open an issue. If you are willing to contribute to this project, feel free to open a pull request.

[b00lpy]

I fixed the boot situation with some script, but this is not the main problem.

1. The right side of the web gui keeps moving, it seems it can't find the exact screen size and keeps adjusting his size. ONLY IN CHROME
2. Understood that, by the way I found out that all data I inserted yesterday today is visible inside the MISP Geolocalisation page, but yesterday wasn't, is this normal too?

PS: In my Live Dashboard page I'm unable to scroll logs, and probably is intentional. But I think this feature should be enabled in order to avoid keep moving from MISP and dashboard each time. Can this be a feature request? :)

[mokaddem]

1. Weird.
2. It's not normal. Maybe an index error while fetching data. Will have a look at these at some point...

Sure, a detailed feature request (please include what and why).

[b00lpy]

UPDATE:

This part actually happens only if MISP is running inside a VM. I installed a new instance on a real server as a normal process and this doesn't happen anymore.

1. The right side of the web gui keeps moving, it seems it can't find the exact screen size and keeps adjusting his size. **ONLY IN CHROME**

[mokaddem]

Wow this is funky. If the version of the MISP-Dashboard is the same, you should have the same issue as you are using the same browser. Glad you manage to make it work anyway.

[hack2802]

Hello dear, Plese i finished my MISP installation and the dashboard is working but i do not have the maps. Can you please help me to solve this?