jokob-sk / NetAlertX

🖧🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found.
GNU General Public License v3.0

Proxmox vendor not displaying #889

Open benbaker76 opened 5 days ago

benbaker76 commented 5 days ago

Is there an existing issue for this?

The issue occurs in the following browsers. Select at least 2.

Current Behavior

Devices with MAC address bc:24:11:* are showing Vendor as (Unknown)

Expected Behavior

They should show as Proxmox Server Solutions GmbH

Steps To Reproduce

I tried updating the vendor database manually:

$ sudo docker exec -t -i netalertx /bin/bash
Home:/# python3 /app/front/plugins/vendor_update/script.py
[plugin_helper] reading config file
13:32:28 [VNDRPDT] In script
13:32:28     Updating vendors DB (iab & oui)
Connecting to standards-oui.ieee.org (142.215.42.90:80)
Connecting to standards-oui.ieee.org (142.215.42.90:443)
saving to 'ieee-oui_dl.txt'
ieee-oui_dl.txt      100% |********************************| 5800k  0:00:00 ETA
'ieee-oui_dl.txt' saved
13:32:46     Searching devices vendor
13:32:46     Devices Ignored             : 0
13:32:46     Devices with missing vendor : 2
13:32:46     Vendors Not Found           : 2
13:32:46     Vendors updated             : 0
13:32:46 [VNDRPDT] Update complete
Home:/# cat /usr/share/arp-scan/ieee-oui_all_filtered.txt | grep BC2411
BC2411 Proxmox Server Solutions GmbH

I also tried deleting all devices and re-scanning, but it still will not show the Vendor for Proxmox devices correctly.

app.conf

No response

docker-compose.yml

No response

What branch are you running?

Dev

app.log

No response

Debug enabled

benbaker76 commented 5 days ago

I believe the issue is because the script is trying to update devices with a vendor of (unknown) when it should be (Unknown)

    # Get devices without a vendor
    sql.execute  ("""SELECT 
                            devMac, 
                            devLastIP, 
                            devName, 
                            devVendor 
                            FROM Devices
                            WHERE   devVendor      = '(unknown)' 
                                    OR devVendor   = ''
                                    OR devVendor   IS NULL
                        """)

Changing the script I now get:

Home:/# python3 /app/front/plugins/vendor_update/script.py
[plugin_helper] reading config file
14:47:30 [VNDRPDT] In script
14:47:30     Updating vendors DB (iab & oui)
Connecting to standards-oui.ieee.org (142.215.42.90:80)
wget: bad address 'standards-oui.ieee.org'
14:47:40     Searching devices vendor
14:47:41     Devices Ignored             : 1
14:47:41     Devices with missing vendor : 20
14:47:41     Vendors Not Found           : 1
14:47:41     Vendors updated             : 18
14:47:41 [VNDRPDT] Update complete

Unfortunately the vendor is still showing as (Unknown) for my Proxmox devices

jokob-sk commented 4 days ago

Hi there,

Thanks a lot for the detailed report.

I just pushed hopefully a fix - It would be great if you could test this. Can you please spin up a separate netalertx-dev docker image (backup everything at first), in about 15 minutes (or after the last action finishes) from now?

Make sure you refresh your browser cache - and click the 🔄 refresh button in the top right corner.

Thanks in advance, j

benbaker76 commented 4 days ago

I think the plugin itself is fixed now but it doesn't seem to be updating the devices in the SQL database

Home:/# cat /app/front/plugins/vendor_update/script.py | grep -i "(unknown)"
                            WHERE   devVendor      = '(unknown)' 
                                    OR devVendor   = '(Unknown)' 
Home:/# cat /usr/share/arp-scan/ieee-oui_all_filtered.txt | grep BC2411
BC2411 Proxmox Server Solutions GmbH
Home:/# cat /app/front/plugins/vendor_update/last_result.log | grep bc:24:11
bc:24:11:32:7e:57|192.168.1.34|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:32:7e:57||||
bc:24:11:e7:5c:d9|192.168.1.59|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|ubuntu||||bc:24:11:e7:5c:d9||||
bc:24:11:77:26:c6|192.168.1.246|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:77:26:c6||||
bc:24:11:24:55:24|192.168.1.247|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:24:55:24||||
bc:24:11:a8:2d:14|192.168.1.245|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|nas||||bc:24:11:a8:2d:14||||
bc:24:11:29:32:48|192.168.1.248|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:29:32:48||||
bc:24:11:6d:4d:b9|192.168.1.249|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:6d:4d:b9||||
bc:24:11:d9:34:c0|192.168.1.250|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:d9:34:c0||||
bc:24:11:d4:b8:1a|192.168.1.243|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:d4:b8:1a||||
bc:24:11:36:59:ca|192.168.1.244|2024-11-21 15:57:54|Proxmox Server Solutions GmbH|(name not found)||||bc:24:11:36:59:ca||||

Tried scheduling [Ad-hoc events] Events executed: run with param VNDRPDT, clearing cache, refreshing, incognito etc.

jokob-sk commented 4 days ago

Hi @benbaker76 - thanks for the quick check and help debugging this!

Only devices with vendor fields set to empty "" or "null" were previously updated. I added the check for "(unknown)" and "(Unknown)" as well.

I just pushed hopefully a fix - It would be great if you could test this. Can you please spin up a separate netalertx-dev docker image (backup everything at first), in about 15 minutes (or after the last action finishes) from now?
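
The case mismatch discussed above, reproduced as an added example (not NetAlertX code). It assumes SQLite through Python's `sqlite3`, an in-memory table that borrows only the `Devices`, `devMac` and `devVendor` names from the quoted query, and constructed rows.

```python
import sqlite3

# Constructed rows covering every placeholder value mentioned in the thread.
ROWS = [
    ("bc:24:11:00:00:01", "(Unknown)"),  # capital U, as arp-scan prints it
    ("bc:24:11:00:00:02", "(unknown)"),
    ("bc:24:11:00:00:03", ""),
    ("bc:24:11:00:00:04", None),
    ("bc:24:11:00:00:05", "null"),
    ("00:11:22:00:00:06", "Example Vendor A"),
]

# Same predicate as the query quoted earlier in the thread.
ORIGINAL = """SELECT devMac FROM Devices
              WHERE devVendor = '(unknown)'
                 OR devVendor = ''
                 OR devVendor IS NULL
              ORDER BY devMac"""

# Compare on a lower-cased value so the match does not depend on which
# spelling the upstream scanner happens to emit.
NORMALISED = """SELECT devMac FROM Devices
                WHERE devVendor IS NULL
                   OR LOWER(devVendor) IN ('', 'null', '(unknown)')
                ORDER BY devMac"""


def missing_vendor(query):
    """Run one of the queries above against a fresh in-memory table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Devices (devMac TEXT PRIMARY KEY, devVendor TEXT)")
    con.executemany("INSERT INTO Devices VALUES (?, ?)", ROWS)
    macs = [row[0] for row in con.execute(query)]
    con.close()
    return macs


if __name__ == "__main__":
    print("original  :", missing_vendor(ORIGINAL))
    print("normalised:", missing_vendor(NORMALISED))
```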

benbaker76 commented 4 days ago

I did actually try changing /app/server/device.py to add the extra (Unknown) checks before I made my first post but as before it's still not working.

I think you may have missed an extra one; but that doesn't appear to have fixed it either:

Home:/# cat /app/server/device.py | grep devVendor
                            devVendor,
    mylog('debug', '[Update Devices] - cur_Vendor -> (if empty) devVendor')
                    SET devVendor = (
                        (devVendor IS NULL OR devVendor IN ("", "null", "(unknown)", "(Unknown)"))
               WHERE devVendor IS NULL OR devVendor IN ('', 'null', '(unknown)', '(Unknown)')"""
...

Not sure what's going on? Perhaps you can try creating a fake device on your network and see if you can get it to update the vendor?

jokob-sk commented 4 days ago

Hi @benbaker76 ,

The thing is I created a fake device with the correct prefix and it was detected fine as a Proxmox vendor based device even before the changes.

I actually couldn't figure out where the (Unknown) (capital U) string comes from.

Can you please try to start with a blank setup? What plugins do you have enabled?

benbaker76 commented 4 days ago

I tried deleting the config and db folders and now I constantly get Can't READ or WRITE app.conf. Try restarting the container and read the file permissions documentation if I try to go to settings.

If you're wondering where the (Unknown) comes from it's from arp-scan.

Home:/# arp-scan -I br0 192.168.1.0/24 | grep bc:24:11
192.168.1.34    bc:24:11:32:7e:57   (Unknown)
192.168.1.59    bc:24:11:e7:5c:d9   (Unknown)
192.168.1.243   bc:24:11:d4:b8:1a   (Unknown)
192.168.1.250   bc:24:11:d9:34:c0   (Unknown)
192.168.1.245   bc:24:11:a8:2d:14   (Unknown)
192.168.1.246   bc:24:11:77:26:c6   (Unknown)
192.168.1.244   bc:24:11:36:59:ca   (Unknown)

benbaker76 commented 4 days ago

Not sure if this helps? When I run the following in the container:

Home:/# arp-scan -I br0 192.168.1.0/24 --ouifile=/usr/share/arp-scan/ieee-oui_all_filtered.txt | grep bc:24:11

I get lots of WARNING: Could not parse oui: errors. Looks like you're not outputting a tab between the MAC and Vendor name when generating ieee-oui_all_filtered.txt

EDIT: If I add a tab on the line BC2411 Proxmox Server Solutions GmbH manually it now outputs the correct vendor name instead of (Unknown)

192.168.1.34    bc:24:11:32:7e:57   Proxmox Server Solutions GmbH
192.168.1.59    bc:24:11:e7:5c:d9   Proxmox Server Solutions GmbH
192.168.1.243   bc:24:11:d4:b8:1a   Proxmox Server Solutions GmbH
192.168.1.249   bc:24:11:6d:4d:b9   Proxmox Server Solutions GmbH
192.168.1.250   bc:24:11:d9:34:c0   Proxmox Server Solutions GmbH

jokob-sk commented 4 days ago

Okay, hopefully the above fixes it 🤞

jokob-sk commented 4 days ago

Also fixed the tab separator
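
A check for the separator problem diagnosed above, as an added example that is not part of the project's code: it audits a generated OUI file, rewrites space-separated lines with a tab, and reports lines it cannot parse so a broken file is caught before it reaches arp-scan. The function names, the sample data and the 6 to 12 hex digit prefix rule are assumptions.

```python
import re

# Constructed sample, not real IEEE data. Line 2 reproduces the broken shape
# from the thread: prefix and vendor separated by a space instead of a tab.
SAMPLE = (
    "# constructed sample\n"
    "BC2411 Proxmox Server Solutions GmbH\n"
    "001122\tExample Vendor A\n"
    "AABBCC\n"
    "\n"
    "XYZ123\tNot Hex Corp\n"
)

# Assumption: a prefix is 6 to 12 hex digits with no separators.
PREFIX_RE = re.compile(r"^[0-9A-Fa-f]{6,12}$")


def check_line(line):
    """Return (status, line) where status is 'ok', 'repaired' or 'bad'."""
    text = line.rstrip("\r\n")
    if not text.strip() or text.lstrip().startswith("#"):
        return "ok", text  # blank lines and comments pass through
    if "\t" in text:
        prefix, _, vendor = text.partition("\t")
    else:
        # No tab: split on the first space so the line can be repaired.
        prefix, _, vendor = text.strip().partition(" ")
    prefix, vendor = prefix.strip(), vendor.strip()
    if not PREFIX_RE.match(prefix) or not vendor:
        return "bad", text
    fixed = f"{prefix.upper()}\t{vendor}"
    return ("ok" if fixed == text else "repaired"), fixed


def audit(text):
    """Return (repaired_text, repaired_line_numbers, bad_line_numbers)."""
    out, repaired, bad = [], [], []
    for number, line in enumerate(text.splitlines(), 1):
        status, fixed = check_line(line)
        if status == "bad":
            bad.append(number)  # dropped from the output, reported to the caller
            continue
        if status == "repaired":
            repaired.append(number)
        out.append(fixed)
    return "\n".join(out) + "\n", repaired, bad
```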

benbaker76 commented 4 days ago

It's fixed, thanks!


jokob-sk commented 4 days ago

Great :) thanks for the help!