MISP / misp-grafana

A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB
https://misp.github.io/misp-grafana/
GNU Affero General Public License v3.0

MISP Docker support #2

Open kanekennedy opened 1 year ago

kanekennedy commented 1 year ago

Hi, I have tried to get this running in the "official" MISP Docker image and cannot get the python script to run.

I have tried creating the env variables in the grafana and misp_web containers but have hit the end of my knowledge and google-fu.

My Grafana is connecting to InfluxDB with 3 buckets: _monitoring, _tasks and misp. I have also tried tcp://misp_web:50000 with the same error message.

    root@b77ea19b6cc3:/var/www/MISP# python3 push_zmq_to_influxdb.py -id=external --url=tcp://localhost:50000
    [INFO] [2023-08-31 09:49:14,372] - Subscribed to ZMQ
    Traceback (most recent call last):
      File "push_zmq_to_influxdb.py", line 187, in <module>
        main()
      File "push_zmq_to_influxdb.py", line 166, in main
        client = InfluxDBClient(
      File "/usr/local/lib/python3.8/dist-packages/influxdb_client/client/influxdb_client.py", line 63, in __init__
        super().__init__(url=url, token=token, debug=debug, timeout=timeout, enable_gzip=enable_gzip, org=org,
      File "/usr/local/lib/python3.8/dist-packages/influxdb_client/client/_base.py", line 56, in __init__
        if self.url.endswith("/"):
    AttributeError: 'NoneType' object has no attribute 'endswith'
    Exception ignored in: <function InfluxDBClient.__del__ at 0x7f40123a8670>
    Traceback (most recent call last):
      File "/usr/local/lib/python3.8/dist-packages/influxdb_client/client/influxdb_client.py", line 319, in __del__
        if self.api_client:
    AttributeError: 'InfluxDBClient' object has no attribute 'api_client'

righel commented 1 year ago

Hello @kanekennedy,

1) Which MISP docker repo do you mean by "official"?

2) Have you run pip install -r requirements.txt? Can you run this and share the output?

    $ python3 -c "import influxdb_client; print(influxdb_client.__version__)"
    1.37.0

3) If your MISP instance is running inside docker, you may need to set Plugin.ZeroMQ_host to 0.0.0.0 or * and add a port forward in the docker-compose.yml file, example:

      ...
      misp:
        ports:
          - "80:80"
          - "443:443"
          - "50000:50000"

4) The script push_zmq_to_influxdb.py should be able to access InfluxDB container, so if you run it from inside the MISP docker container instead of your host machine, you will have to create a network so the MISP container can reach the InfluxDB.

Let me know if that helps.
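The traceback above shows `InfluxDBClient` receiving `url=None`, and points 3 and 4 concern whether the script can reach the ZeroMQ and InfluxDB endpoints. The following preflight check covers both; it is an added example, not part of the thread or of misp-grafana, and the setting names in `REQUIRED` are assumptions to be replaced with the ones the script actually reads.

```python
import socket
from urllib.parse import urlparse

# Assumed setting names (not taken from the thread); adjust to the script's own.
REQUIRED = ("INFLUXDB_URL", "INFLUXDB_TOKEN", "INFLUXDB_ORG", "INFLUXDB_BUCKET")
DEFAULT_PORTS = {"http": 80, "https": 443}

def missing_settings(env, required=REQUIRED):
    """Names that are unset or blank; such a value reaches the client as None."""
    return [name for name in required if not (env.get(name) or "").strip()]

def endpoint(url):
    """Split tcp://host:port or http(s)://host[:port] into (host, port)."""
    parts = urlparse(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None:
        raise ValueError(f"no host/port in {url!r}")
    return parts.hostname, port

def reachable(url, timeout=2.0):
    """True if a TCP connection succeeds from where this code runs
    (inside a container, 'localhost' is the container itself)."""
    try:
        with socket.create_connection(endpoint(url), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name not resolvable
        return False

def preflight(env, zmq_url):
    """Return a list of problems; an empty list means the script can start."""
    problems = [f"{name} is not set" for name in missing_settings(env)]
    targets = {"ZeroMQ": zmq_url}
    if env.get("INFLUXDB_URL"):
        targets["InfluxDB"] = env["INFLUXDB_URL"]
    for label, url in targets.items():
        try:
            if not reachable(url):
                problems.append(f"{label} endpoint {url} is not reachable")
        except ValueError as exc:  # malformed URL
            problems.append(f"{label}: {exc}")
    return problems

if __name__ == "__main__":
    import os
    import sys
    zmq = sys.argv[1] if len(sys.argv) > 1 else "tcp://localhost:50000"
    issues = preflight(os.environ, zmq)
    print("\n".join(issues) or "ok")
    sys.exit(1 if issues else 0)
```

Run it from the same place the push script runs (host or container), since reachability differs between the two.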

kanekennedy commented 1 year ago

Thanks,

That has sent me down a slightly different direction. Upgraded the instance from Amazon Linux2 to AL2023 and running the python script outside of docker with the ports all opened.

I have the same influxdb client.

    [root@ip-10-0-1-146 /]# python3 -c "import influxdb_client; print(influxdb_client.__version__)"
    1.37.0

Upgrading from AL2 to AL2023 introduces some different errors with the requirements around liburl3, so I need to work out the requirements it needs to run on the native OS Python (3.9.16).