jokob-sk / NetAlertX

🖧🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found.
GNU General Public License v3.0

Another subnet scan issue #183

Closed renouji closed 1 year ago

renouji commented 1 year ago

I added my vpn vlan 192.168.60.0/29 and it won't scan it. Was causing the docker issue to stop with no trace of why in the logs either. Is there a way to get some debug level log that may help figure this out?

jokob-sk commented 1 year ago

Hi there,

Can you please provide your pialert.conf file?

Try running the container without the `-d` param in the docker compose command, for example `sudo docker-compose up`, to get a proper error message when the container crashes.

renouji commented 1 year ago

I use unraid and don't have docker-compose.

```
ENABLE_ARPSCAN=True
SCAN_SUBNETS=['192.168.10.0/24 --interface=eth0','192.168.20.0/24 --interface=eth0 -vlan=20','192.168.30.0/24 --interface=eth0 -vlan=30','192.168.60.0/29 --interface=eth0 -vlan=60']
PRINT_LOG=False
TIMEZONE='America/Denver'
PIALERT_WEB_PROTECTION=False
PIALERT_WEB_PASSWORD='**'
INCLUDED_SECTIONS=['internet','new_devices','down_devices']
SCAN_CYCLE_MINUTES=5
DAYS_TO_KEEP_EVENTS=90
REPORT_DASHBOARD_URL='http://192.168.1.8:20211'
DIG_GET_IP_ARG='-4 myip.opendns.com @resolver1.opendns.com'
UI_LANG='English'

# Email
# ---------------------------
REPORT_MAIL=True
SMTP_SERVER='smtp.gmail.com'
SMTP_PORT=587
REPORT_TO='*@**'
REPORT_FROM='Pi.Alert'
SMTP_SKIP_LOGIN=False
SMTP_USER='*@**'
SMTP_PASS='**'
SMTP_SKIP_TLS=False
SMTP_FORCE_SSL=False

# Webhooks
# ---------------------------
REPORT_WEBHOOK=False
WEBHOOK_URL=''
WEBHOOK_PAYLOAD='html'
WEBHOOK_REQUEST_METHOD='POST'

# Apprise
# ---------------------------
REPORT_APPRISE=False
APPRISE_HOST='http://localhost:8000/notify'
APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=user@gmail.com&name=apprise&user=user@gmail.com&pass=password&to=user@gmail.com'
APPRISE_PAYLOAD='html'

# NTFY
# ---------------------------
REPORT_NTFY=False
NTFY_HOST='https://ntfy.sh'
NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
NTFY_USER='user'
NTFY_PASSWORD='passw0rd'

# PUSHSAFER
# ---------------------------
REPORT_PUSHSAFER=False
PUSHSAFER_TOKEN='ApiKey'

# MQTT
# ---------------------------
REPORT_MQTT=False
MQTT_BROKER='192.168.1.2'
MQTT_PORT=1883
MQTT_USER='mqtt'
MQTT_PASSWORD='passw0rd'
MQTT_QOS=0
MQTT_DELAY_SEC=2

# DynDNS
# ---------------------------
DDNS_ACTIVE=False
DDNS_DOMAIN='your_domain.freeddns.org'
DDNS_USER='dynu_user'
DDNS_PASSWORD='A0000000B0000000C0000000D0000000'
DDNS_UPDATE_URL='https://api.dynu.com/nic/update?'

# PiHole
# ---------------------------
PIHOLE_ACTIVE=True
DHCP_ACTIVE=True

# Pholus
# ---------------------------
PHOLUS_ACTIVE=True
PHOLUS_TIMEOUT=180
PHOLUS_FORCE=False
PHOLUS_RUN='once'
PHOLUS_RUN_TIMEOUT=600
PHOLUS_RUN_SCHD='0 4 *'
PHOLUS_DAYS_DATA=7

# Nmap
# ---------------------------
NMAP_ACTIVE=True
NMAP_TIMEOUT=150
NMAP_RUN='none'
NMAP_RUN_SCHD='0 2 *'
NMAP_ARGS='-p -10000'

# API
# ---------------------------
ENABLE_API=True
API_RUN='schedule'
API_RUN_SCHD='/3 '
API_RUN_INTERVAL=10
API_CUSTOM_SQL='SELECT FROM Devices WHERE dev_PresentLastScan = 0'
```

jokob-sk commented 1 year ago

If you use the docker run command, try omitting the -d parameter there as well. How do you launch Pi.Alert?

If you can't get a proper error message it's very hard to debug your issue.

What are the last few lines in the pialert.log file?

I only support docker installs and I'm unfamiliar with unraid.

renouji commented 1 year ago

I don't know, they were generated with the docker install from the unraid community apps. Something with the API section of the pi-alert config.

jokob-sk commented 1 year ago

Regrettably I'm not able to help without more info.

You can try disabling features one by one, but not sure if that will help. Try asking in an unraid community how to debug issues on unraid apps.

jokob-sk commented 1 year ago

I also noticed you have arp scan and PiHole enabled at the same time. Did you map the PiHole files? Please read the description on every setting you've enabled

renouji commented 1 year ago

Yes I mapped both files, I know API is enabled but it defaulted to that and I couldn’t find anything that really explained what it is or does so I left it alone.

On Tue, Feb 14, 2023 at 2:17 PM jokob-sk @.***> wrote:

> I also noticed you have arp scan and PiHole enabled at the same time. Did you map the PiHole files? Please read the description on every setting you've enabled


jokob-sk commented 1 year ago

Try disabling all features and enabling them one by one.

If you can't get a proper error message it's very hard to debug your issue.

What are the last few lines in the pialert.log file?

jokob-sk commented 1 year ago

no reply for 5 days > closing
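
An added example, not part of the thread or of the Pi.Alert/NetAlertX code base: a lint that reads `SCAN_SUBNETS` from pialert.conf text and checks each entry before it reaches arp-scan, which gives a per-subnet result even when the container log is empty. It assumes each entry is `<CIDR> <arp-scan options>` as in the config posted above and that long options take two dashes, as `--interface` does; the function names are hypothetical.

```python
import ast
import ipaddress
import re

# SCAN_SUBNETS line copied from the config posted in this thread.
CONF = (
    "ENABLE_ARPSCAN=True\n"
    "SCAN_SUBNETS=['192.168.10.0/24 --interface=eth0',"
    "'192.168.20.0/24 --interface=eth0 -vlan=20',"
    "'192.168.30.0/24 --interface=eth0 -vlan=30',"
    "'192.168.60.0/29 --interface=eth0 -vlan=60']\n"
)

def read_scan_subnets(conf_text):
    """Return the SCAN_SUBNETS list (assumed to be a Python list literal)."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "SCAN_SUBNETS":
            return ast.literal_eval(value.strip())
    raise KeyError("SCAN_SUBNETS not found")

def lint_entry(entry):
    """Return the problems found in one '<CIDR> <options>' entry."""
    tokens = entry.split()
    if not tokens:
        return ["empty entry"]
    problems = []
    try:
        ipaddress.ip_network(tokens[0], strict=True)  # rejects host bits set
    except ValueError as exc:
        problems.append(f"bad subnet: {exc}")
    for prev, tok in zip(tokens, tokens[1:]):
        if re.match(r"-[A-Za-z]{2}", tok):
            # getopt-style parsers read this as bundled one-letter flags.
            problems.append(f"{tok!r}: one dash before a multi-letter option")
        elif not tok.startswith("-") and not re.fullmatch(r"-[A-Za-z]", prev):
            problems.append(f"{tok!r}: stray token, not an option or its value")
    return problems

def lint_conf(conf_text):
    """Map each problematic entry to its list of problems."""
    report = {e: lint_entry(e) for e in read_scan_subnets(conf_text)}
    return {e: p for e, p in report.items() if p}

if __name__ == "__main__":
    for entry, problems in lint_conf(CONF).items():
        print(entry, "->", "; ".join(problems))
```

On the posted config it reports the three entries that use `-vlan=`; arp-scan's long form is `--vlan=<id>` and its short form is `-Q <id>`.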