Closed fribse closed 1 year ago
I'm not sure what error -3 means. Check that your POP3_SERVER value is correct and doesn't have extra spaces, quotes, etc., and that you can resolve the DNS hostname, and that it's accessible (via ping/telnet) from within that container, not just from the host. You will need to exec into the running dmarc2logstash container to verify this.
Hi @jertel, I can't exec into the container, as it crashes all the time. I've gone ahead and done the painful thing of deleting the messages with the reports; that didn't help at all. I've also tried deleting the old concatenated log files.
It seems to be a docker DNS resolution issue so you could try spinning up a temporary container to run your ping test.
    docker run --rm --entrypoint bash -it jertel/dmarc2logstash
Then run the ping test against your popserver host.
Hi again
I managed to catch it while it was up
    [root@alpha00035 docker]# docker exec -it dmarc2filebeat /bin/sh
    /opt/dmarc2logstash # ping bounce.xxxxx.dk
    PING bounce.XXXXX.dk (192.168.3.22): 56 data bytes
    64 bytes from 192.168.3.22: seq=0 ttl=62 time=0.543 ms
    64 bytes from 192.168.3.22: seq=1 ttl=62 time=0.490 ms
In the docker-compose it reads:
    dmarc2filebeat:
      image: jertel/dmarc2logstash:latest
      container_name: dmarc2filebeat
      mem_limit: 1073741824
      volumes:
        - ./dmarc/logs:/logs
        - ./dmarc/dmarc2logstash.json:/opt/dmarc2logstash/dmarc2logstash.json
        - ./dmarc/dmarclogs:/dmarclogs
      environment:
        - POP3_SERVER=bounce.XXX.dk
        - POP3_USERNAME=dmarc@XXX.dk
        - POP3_PASSWORD=XXX
        - DELETE_MESSAGES=1
        - JSON_OUTPUT_FILE=/dmarclogs/dmarc.json
        - DELETE_FAILURES=1
        - SLEEP_SECONDS=600
        - SOCKET_TIMEOUT_SECONDS=10
      restart: always
      depends_on:
        - filebeat_for_dmarc
My next debugging steps would be to hardcode the DNS into the container. Add this to your docker-compose:
    extra_hosts:
      - "popserver.dk:192.168.3.22"
Replacing the popserver.dk with your actual POP3 hostname.
Another debugging step is to try hardcoding the POP3 server IP directly into the POP3_SERVER variable.
Good idea, I changed the variable to use the IP directly, and now I see it scroll through messages, not sure what to grep for in the logfile to see the connection command...
There are a few docker DNS related parameters you can play with, if you want to avoid hardcoding the IP long-term. Look at the Docker documentation and perhaps try using an explicit DNS server inside the container.
I made it work as it should now, thank you for your help!
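An added example, not part of the thread and not dmarc2logstash code: a Python check meant to be run inside the container that separates the failure modes discussed above (a POP3_SERVER value carrying stray spaces or quotes, a name-resolution failure, and a port that is unreachable or does not answer as POP3). The function names are hypothetical; the environment variables and port 110 are the ones mentioned in the thread.

```python
import os
import socket

def value_problems(raw):
    """Flag whitespace or quotes that reach the container literally from a compose env entry."""
    problems = []
    if not raw.strip():
        problems.append("empty value")
    if raw != raw.strip():
        problems.append("leading/trailing whitespace")
    if any(q in raw for q in "\"'"):
        problems.append("literal quote characters")
    return problems

def diagnose(host, port=110, timeout=10.0, resolve=socket.getaddrinfo):
    """Return (stage, detail); stage is 'value', 'dns', 'tcp', 'pop3' or 'ok'."""
    problems = value_problems(host)
    if problems:
        return "value", "; ".join(problems)
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # EAI_AGAIN (-3 on Linux) means the resolver gave no answer, not that the name is unknown.
        again = exc.errno == getattr(socket, "EAI_AGAIN", None)
        return "dns", f"{exc.errno} {exc.strerror}" + (" (EAI_AGAIN)" if again else "")
    last = "no addresses returned"
    for family, socktype, proto, _canon, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
                banner = sock.recv(512)  # POP3 servers greet with "+OK ..."
        except OSError as exc:
            last = f"{addr[0]}: {exc}"
            continue
        if banner.startswith(b"+OK"):
            return "ok", f"{addr[0]}: {banner.decode('ascii', 'replace').strip()}"
        return "pop3", f"{addr[0]}: unexpected greeting {banner[:40]!r}"
    return "tcp", last

if __name__ == "__main__":
    # Same variables as the compose file in the thread; 110 is the port tested there.
    stage, detail = diagnose(os.environ.get("POP3_SERVER", ""),
                             timeout=float(os.environ.get("SOCKET_TIMEOUT_SECONDS", "10")))
    print(f"{stage}: {detail}")
```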
I have finally managed to get the elastic stack migrated to new hardware, and I've restarted the dmarc2logstash. There are currently 55000+ reports waiting.
But I see this message when it runs:
The docker-compose is built like this:
I can ping the popserver, and also telnet to port 110 from the host. Any ideas on how to proceed?