cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Analysis complete but resultserver still trying to map ip #1212

Closed alonlavian closed 7 years ago

alonlavian commented 7 years ago

Hi, after analysis is completed, I get a critical error from resultserver:

2016-12-20 11:55:36,540 [lib.cuckoo.core.resultserver] DEBUG: File upload request for files/d7268c413eb4e696_product.db
2016-12-20 11:55:36,541 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 132
2016-12-20 11:55:36,981 [lib.cuckoo.core.guest] INFO: physical1: analysis completed successfully
2016-12-20 11:55:37,014 [lib.cuckoo.core.plugins] WARNING: Unable to stop auxiliary module: Potential error while running tcpdump, did not expect the following standard error output: '1 packet captured'.
2016-12-20 11:55:37,015 [modules.machinery.physical] DEBUG: Getting status for machine: osx.
2016-12-20 11:55:37,028 [modules.machinery.physical] DEBUG: Rebooting machine: osx.
2016-12-20 11:55:38,899 [lib.cuckoo.core.scheduler] DEBUG: Released database task #39
2016-12-20 11:55:38,920 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,921 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,925 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,926 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,929 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,930 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources)
2016-12-20 11:55:38,932 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,932 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,933 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:38,934 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:39,649 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:39,854 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:39,856 [modules.processing.network] DEBUG: Whitelisting Disabled.
2016-12-20 11:55:39,857 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:39,858 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/home/cuckoo/cuckoo/storage/analyses/39"
2016-12-20 11:55:39,873 [lib.cuckoo.core.plugins] DEBUG: Running 418 signatures
2016-12-20 11:55:40,153 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2016-12-20 11:55:40,345 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2016-12-20 11:55:40,346 [lib.cuckoo.core.scheduler] INFO: Task #39: reports generation completed (path=/home/cuckoo/cuckoo/storage/analyses/39)
2016-12-20 11:55:40,375 [lib.cuckoo.core.scheduler] INFO: Task #39: analysis procedure completed
2016-12-20 11:55:47,240 [lib.cuckoo.core.resultserver] CRITICAL: ResultServer unable to map ip to context: 172.23.14.61.
2016-12-20 11:55:47,241 [lib.cuckoo.core.resultserver] CRITICAL: ResultServer unable to map ip to context: 172.23.14.61.

jbremer commented 7 years ago

Did you restart Cuckoo and are VMs still running? :-)

alonlavian commented 7 years ago

Not sure I follow. It's not a VM, it's a physical OSX.

alonlavian commented 7 years ago

If the analysis is complete and the context is deleted, why is the result server trying to reach it?

jbremer commented 7 years ago

Somehow the physical machine is still trying to send data to the Cuckoo host. Likely the shutdown/reboot action isn't near-immediate as it is for VMs. We should probably change that logging message from critical to debug, it's not that interesting.

jbremer commented 7 years ago

Well, did that, I guess this can be closed then. Thanks for the feedback!
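For operators who still see this message, a log triage sketch that separates the case explained above (a guest that is still sending data shortly after its task finished) from an address that had no recently finished task. This is an added example, not code from the thread or from the Cuckoo project; the function name `triage`, the 60-second `GRACE_SECONDS` window and the last sample line (a documentation address) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Log layout as seen in the issue: "<date> <time>,<ms> [<module>] <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[([\w.]+)\] (\w+): (.*)$")
UNMAPPED_RE = re.compile(r"ResultServer unable to map ip to context: (\d{1,3}(?:\.\d{1,3}){3})")
DONE_RE = re.compile(r"Task #(\d+): analysis procedure completed")
GRACE_SECONDS = 60  # assumption: time allowed for a physical guest to finish rebooting

# First four lines are taken from the log in the issue; the last one is constructed.
SAMPLE = """\
2016-12-20 11:55:37,028 [modules.machinery.physical] DEBUG: Rebooting machine: osx.
2016-12-20 11:55:40,375 [lib.cuckoo.core.scheduler] INFO: Task #39: analysis procedure completed
2016-12-20 11:55:47,240 [lib.cuckoo.core.resultserver] CRITICAL: ResultServer unable to map ip to context: 172.23.14.61.
2016-12-20 11:55:47,241 [lib.cuckoo.core.resultserver] CRITICAL: ResultServer unable to map ip to context: 172.23.14.61.
2016-12-20 12:40:02,118 [lib.cuckoo.core.resultserver] CRITICAL: ResultServer unable to map ip to context: 192.0.2.77.
""".splitlines()

def triage(lines, grace=GRACE_SECONDS):
    """Return one finding per unmapped IP: 'late-guest' or 'unexpected'."""
    last_done = None   # (task id, timestamp) of the most recently completed task
    findings = {}      # ip -> finding; repeats of the same IP only bump the count
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # skip tracebacks and other non-conforming lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        done = DONE_RE.search(m.group(4))
        if done:
            last_done = (int(done.group(1)), ts)
            continue
        unmapped = UNMAPPED_RE.search(m.group(4))
        if not unmapped:
            continue
        ip = unmapped.group(1)
        if ip in findings:
            findings[ip]["count"] += 1
            continue
        delay = (ts - last_done[1]).total_seconds() if last_done else None
        late = delay is not None and delay <= grace
        findings[ip] = {
            "ip": ip, "count": 1, "delay": delay,
            "task": last_done[0] if late else None,
            "verdict": "late-guest" if late else "unexpected",
        }
    return list(findings.values())
```

The verdict is a time-based heuristic only, because the log lines do not tie an IP address to a task.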

vikram-rajpuro commented 6 years ago

Hello @alonlavian, I am trying to set up a Mach-O file analysis environment with Cuckoo. Have you successfully set up Cuckoo for yourself?

Thanks.