MISP / misp-dashboard

A live dashboard for a real-time overview of threat intelligence from MISP instances
GNU Affero General Public License v3.0

Issue with live dashboard #120

Closed dmolina213 closed 5 years ago

dmolina213 commented 5 years ago

Work environment

| Type of issue | support |
| OS version (server) | RedHat |
| MISP | Implemented on docker/ubuntu |
| OS version (client) | windows 7 |
| PHP version | 7.2.10 |
| MISP version / git hash | v2.4.107 () |

I have a dockerized instance of MISP running on RHEL. I am trying to set up live dashboards using instructions from GitHub and https://www.vanimpe.eu/2017/10/31/misp-dashboard-real-time-visualization-misp-events/?unapproved=119326&moderation-hash=42c28b90ab7feb92001c20f2eebe64b6#comment-119326

Although I had some error/warning messages when running ./server.py (see MISP/misp-dashboard#119), I am able to bring up the dashboard, but no data appears. I even tried to publish an event to zmq.

Can anyone help me with this issue?

mokaddem commented 5 years ago

It seems that your server is not providing all files needed by the user interface to work. Could you check in your browser logs as well as on your installation folder if you can spot something that might cause your issue?

dmolina213 commented 5 years ago

What am I looking for in the installation folder? I cloned everything needed that is in the GitHub. I was sidetracked a bit but I will look into it. In all, I don't know what to really look for. Also, I am running MISP in docker. Would that need additional configurations?

mokaddem commented 5 years ago

As long as the Dashboard has access to the MISP ZMQ, it should not be a problem to run it in a docker container. What do the browser console and network tabs say when you browse the trending page? It seems broken according to the screenshot.

dmolina213 commented 5 years ago

Right now, it says service unavailable. I stopped looking at it for 2 weeks. I may have to restart services again or do some troubleshooting. In this case, do you know what and where I should start to look?
Anyways, back to answering your latest reply. The trendings page appears broken and I followed the steps listed in GitHub that I know of. Are there other steps which I may have missed?

I followed this: Maybe we can start here to figure out what is wrong

  1. Be sure to have a running redis server: e.g.
     ◦ redis-server -p 6250
     <---- this is what I am seeing:
     redis 16 0.6 1.5 208240 149256 ? Sl Aug06 61:47 /usr/bin/redis-server 0.0.0.0:6379
     What is the -p option for? I am not familiar with Redis.

  2. Update your configuration in config.cfg <- what do I need to update here?

  3. Activate your virtualenv:
     ◦ . ./DASHENV/bin/activate
     <---- I am able to do this part, but it just returns me back to the prompt, with no error messages. So I am not sure if it was successful or not. Do you know what log files I should be looking at?

  4. Listen to the MISP feed by starting the zmq subscriber:
     ◦ ./zmq_subscriber.py
     <-- when I run this I get this message on the console:
     MISP Standard ZMQ b'misp_json_self {"status": "While you\'re dying I\'ll be still alive.", "uptime": 614390}'
     MISP Standard ZMQ b'misp_json_self {"status": "And when you\'re dead I will be still alive.", "uptime": 614400}'
     MISP Standard ZMQ b'misp_json_self {"status": "And believe me I am still alive.", "uptime": 614410}'
     MISP Standard ZMQ b'misp_json_self {"status": "I\'m doing science and I\'m still alive.", "uptime": 614420}'

  5. Start the dispatcher to process received messages:
     ◦ ./zmq_dispatcher.py

  6. Start the Flask server:
     ◦ ./server.py

  7. Access the interface at http://localhost:8001/
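An added example, not part of the thread or of the misp-dashboard code: a small parser for frames shaped like the subscriber output in step 4, which reports whether a capture holds anything other than `misp_json_self` status frames. The sample frames are constructed, and the `misp_json_event` frame and its payload are assumptions used only for contrast.

```python
import json
from collections import Counter

# Constructed sample: two frames in the shape of the subscriber output quoted
# above, plus one made-up event frame (topic and payload are assumptions).
SAMPLE_FRAMES = [
    b'misp_json_self {"status": "And believe me I am still alive.", "uptime": 614410}',
    b'misp_json_self {"status": "I\'m doing science and I\'m still alive.", "uptime": 614420}',
    b'misp_json_event {"Event": {"id": "1", "info": "constructed example"}}',
]

HEARTBEAT_TOPIC = "misp_json_self"  # status/uptime frames, as seen in step 4


def split_frame(frame: bytes):
    """Split one frame into (topic, decoded JSON payload)."""
    topic, sep, payload = frame.partition(b" ")
    if not sep:
        raise ValueError("frame has no topic/payload separator")
    return topic.decode("utf-8"), json.loads(payload.decode("utf-8"))


def summarize(frames):
    """Count frames per topic and say whether only heartbeats were seen."""
    counts, uptimes, malformed = Counter(), [], 0
    for frame in frames:
        try:
            topic, body = split_frame(frame)
        except ValueError:  # also covers JSON and UTF-8 decoding errors
            malformed += 1
            continue
        counts[topic] += 1
        if topic == HEARTBEAT_TOPIC and isinstance(body, dict) and "uptime" in body:
            uptimes.append(body["uptime"])
    data_frames = sum(n for t, n in counts.items() if t != HEARTBEAT_TOPIC)
    return {
        "topics": dict(counts),
        "heartbeat_only": bool(counts) and data_frames == 0,
        "last_uptime": uptimes[-1] if uptimes else None,
        "malformed": malformed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES[:2]))  # capture like the one in step 4
    print(summarize(SAMPLE_FRAMES))      # capture that also holds a data frame
```

A `heartbeat_only` result shows the subscriber can reach the ZMQ socket but that no data frame arrived during the capture.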

dmolina213 commented 5 years ago

Let me know if the above makes sense and are the correct responses from MISP before I start venturing out and doing the rest of the commands.

dmolina213 commented 5 years ago

I tried running start_all.sh. I am getting an error when it tries to run ./server.py. The scripts call to import pycountry.

    Traceback (most recent call last):
      File "./server.py", line 12, in <module>
        import pycountry
    ModuleNotFoundError: No module named 'pycountry'

When I install it, it appears it is already installed:

    pip install pycountry
    Requirement already satisfied: pycountry in /usr/lib/python3/dist-packages (17.5.14)

Kortho commented 5 years ago

Had the same problem, here is a fix: https://github.com/MISP/misp-dashboard/pull/114
It's not optimal, but should work.

dmolina213 commented 5 years ago

What do you mean by:

I'm not sure this is the correct way to do it. IMHO, you should be in a virtualenv before starting start_all.sh

@Kortho Kortho commented about 2 months ago
Sort of agree, but if so, it should be "python3 ${DIR}/server.py &". And all the stuff with venv could just be removed. By doing it this way, the code works, and the user does not have to worry about it at all (make it easier to be more secure for the user).

mokaddem commented 5 years ago

The start_all script has been written by different people and I guess everyone does not use the "standard way" if there is one.

For your issue, just make sure you are in a virtualenv before starting the script.

. ./DASHENV/bin/activate
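An added example, not part of the thread or of the misp-dashboard code: a check to run with the same interpreter that starts ./server.py, showing whether that interpreter is inside a virtualenv and where it would import pycountry from. The function names are hypothetical; only the module name pycountry comes from the traceback above.

```python
import importlib.util
import os
import sys


def in_virtualenv() -> bool:
    """True when this interpreter runs inside a venv or virtualenv."""
    # venv and current virtualenv keep the system install in sys.base_prefix;
    # older virtualenv releases set sys.real_prefix instead.
    base = getattr(sys, "base_prefix", sys.prefix)
    return hasattr(sys, "real_prefix") or sys.prefix != base


def module_origin(name: str):
    """Return the file a module would be imported from, or None if missing."""
    try:
        spec = importlib.util.find_spec(name)
    except (ImportError, ValueError):
        return None
    return spec.origin if spec is not None else None


def diagnose(modules):
    """Describe the running interpreter and where each module resolves."""
    report = {
        "executable": sys.executable,
        "prefix": sys.prefix,
        "in_virtualenv": in_virtualenv(),
        "modules": {},
    }
    for name in modules:
        origin = module_origin(name)
        if origin is None:
            report["modules"][name] = "missing"
        elif origin.startswith(sys.prefix + os.sep):
            report["modules"][name] = "under prefix: " + origin
        else:
            report["modules"][name] = "outside prefix: " + origin
    return report


if __name__ == "__main__":
    # pycountry is the module named in the ModuleNotFoundError above.
    for key, value in diagnose(["pycountry"]).items():
        print(key, "=", value)
```

Running it once before and once after `. ./DASHENV/bin/activate` shows whether the activation took effect and whether the module is visible to each interpreter.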