mammo0 / docker-arkime

A Docker container for Arkime based on Ubuntu
MIT License

ARKIME_INSTALL_DIR No such file or directory #16

Closed acadian42 closed 6 months ago

acadian42 commented 6 months ago

After install I am seeing the following error in my capture.log even after running arkime_update_geo.sh and committing the changes to the container. I have also tried to set ARKIME_INSTALL_DIR as an ENV in the Dockerfile.

Mar 1 16:47:55 db.c:2740 arkime_db_init(): WARNING - No Geo Country file could be loaded, see https://arkime.com/settings#geolite2country
Mar 1 16:47:55 db.c:2751 arkime_db_init(): WARNING - No Geo ASN file could be loaded, see https://arkime.com/settings#geolite2asn
vvvvvvvvvvvvvvvvvvvvvvvvv IMPORTANT vvvvvvvvvvvvvvvvvvvvvvvvv
FATAL CONFIG ERROR - Couldn't stat oui file 'ARKIME_INSTALL_DIR/etc/oui.txt' with error 'No such file or directory' - FIX by running /opt/arkime/bin/arkime_update_geo.sh
^^^^^^^^^^^^^^^^^^^^^^^^^ IMPORTANT ^^^^^^^^^^^^^^^^^^^^^^^^^

mammo0 commented 6 months ago

Hello @acadian42,

I will have a look at the issue tomorrow. Normally the error message means that the script arkime_update_geo.sh was not run during building the Docker image.

Did you build the Docker image by yourself or did you use the one from DockerHub?

acadian42 commented 6 months ago

I tried both building the image myself and pulling the image from DockerHub directly. Both with the same result.

mammo0 commented 6 months ago

I'm sorry but I can't reproduce your issue...

I checked the filesystem of the current latest image from DockerHub:

> $ docker run --rm -it --entrypoint bash mammo0/docker-arkime:latest
root@07a91dbdc3cf:/opt/arkime# ls -l /opt/arkime/etc/
total 2740
-rw-r--r-- 1 root root     592 Feb 20 18:57 arkimecapture.systemd.service
-rw-r--r-- 1 root root     428 Feb 20 18:57 arkimecont3xt.systemd.service
-rw-r--r-- 1 root root     449 Feb 20 18:57 arkimeparliament.systemd.service
-rw-r--r-- 1 root root     462 Feb 20 18:57 arkimeviewer.systemd.service
-rw-r--r-- 1 root root     421 Feb 20 18:57 arkimewise.systemd.service
-rwxr-xr-x 1 root root   13929 Feb 20 18:57 config.ini.sample
-rwxr-xr-x 1 root root    1967 Feb 20 18:57 cont3xt.ini.sample
-rwxr-xr-x 1 root root     739 Feb 20 18:57 env.example
-rw-r--r-- 1 root root   23323 Dec 18 18:30 ipv4-address-space.csv
-rw-r--r-- 1 root root 2723266 Feb 21 10:25 oui.txt
-rwxr-xr-x 1 root root     109 Feb 20 18:57 parliament.env.example
-rwxr-xr-x 1 root root     336 Feb 20 18:57 parliament.ini.sample
-rwxr-xr-x 1 root root    2784 Feb 20 18:57 wise.ini.sample
root@07a91dbdc3cf:/opt/arkime# 

As you can see, the file oui.txt exists at the right place. I also tried that with a freshly built image.

Then I started up Arkime together with Opensearch via docker compose and imported a sample pcap file with the arkime-parse-pcap-folder.sh script. This basically calls the capture command. Also no problems here. Only the warnings about the missing geo files:

Mar  2 09:44:35 db.c:2740 arkime_db_init(): WARNING - No Geo Country file could be loaded, see https://arkime.com/settings#geolite2country
Mar  2 09:44:35 db.c:2751 arkime_db_init(): WARNING - No Geo ASN file could be loaded, see https://arkime.com/settings#geolite2asn

But this is currently intended behavior, because for the geo files you need a MaxMind account: https://arkime.com/faq#maxmind

Can you please provide all steps that you have done? The commands that you ran?

mammo0 commented 6 months ago

Meanwhile I made some modifications to the handling of environment variables when using docker compose (8213165291ff701ed8f5250f929e5cf826577a05). If you use docker compose please have a look at the updated README section.

And I fixed a potential issue that could happen if the ./pcaps directory is not writable for everyone (d44e050c27e89aba4d98ddf0de085d6411dfe6eb). This is needed if you set the CAPTURE variable to on to monitor a network interface, because capture uses the user nobody to write the pcap files. I updated the v5.0.1 Docker image. Therefore, please re-pull the image.

acadian42 commented 6 months ago

Looks like there was an issue with my volume mounting (config). I copied the directory out of the container, the volume mounted all the config/service files correctly and the error is now gone.

Appreciate the help.

Cheers!
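
A pre-flight check for the two conditions visible in this thread, written as an added example that is not part of the thread or the project's code: a host config directory whose config.ini still contains the literal ARKIME_INSTALL_DIR placeholder, or that lacks files the config expects under /opt/arkime/etc. It assumes the directory is bind-mounted over /opt/arkime/etc and holds config.ini; the function names and the sample config lines are constructed.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.
# Assumption: DIR is the host directory bind-mounted over /opt/arkime/etc.
ETC=/opt/arkime/etc

# Print one finding per line for DIR; print nothing when it looks mountable.
arkime_etc_findings() {
    dir=$1
    cfg="$dir/config.ini"
    if [ ! -f "$cfg" ]; then
        echo "MISSING config.ini"
        return 0
    fi
    # Active settings only: drop comment lines (# or ;).
    active=$(grep -v '^[[:space:]]*[#;]' "$cfg" || true)
    # 1. Placeholder left unsubstituted, as in the FATAL line of the report.
    printf '%s\n' "$active" | grep 'ARKIME_INSTALL_DIR' | sed 's/^/PLACEHOLDER /'
    # 2. Files the config expects under $ETC that the mounted DIR lacks.
    printf '%s\n' "$active" | grep -o "$ETC/[^;[:space:]]*" | sort -u |
    while IFS= read -r path; do
        case $path in *.mmdb) continue ;; esac  # missing geo files only warn
        rel=${path#$ETC/}
        [ -e "$dir/$rel" ] || echo "HIDDEN $path"
    done
    return 0
}

# Exit status 0 when DIR is safe to mount, 1 (with findings printed) otherwise.
check_arkime_etc() {
    findings=$(arkime_etc_findings "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: config.ini copied out, but oui.txt left behind.
demo=$(mktemp -d)
printf 'ouiFile=%s/oui.txt\nrirFile=%s/ipv4-address-space.csv\n' "$ETC" "$ETC" > "$demo/config.ini"
: > "$demo/ipv4-address-space.csv"
check_arkime_etc "$demo" || echo "fix the directory before mounting it"
rm -rf "$demo"
```

Running it against the host directory before `docker run` or `docker compose up` surfaces the problem on the host instead of in capture.log.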