mtkennerly / shawl

Windows service wrapper for arbitrary commands
MIT License

How to run a .bat file? #4

Closed federicoemartinez closed 4 years ago

federicoemartinez commented 4 years ago

I have a bat file with basically a while true loop. How do I set it to run with shawl? I have tried shawl.exe run --name serviceName -- "FULL_PATH_TO_THE_BAT_FILE" and it fails. I cannot use cmd /c start because I understand that start won't wait and shawl will restart my service. Is it possible to run a bat file? Thanks!

mtkennerly commented 4 years ago

Hello! Could you please post your shawl.log file? It should be in the same location as shawl.exe, which will help me to see exactly what's going wrong. Could you also elaborate a bit on "it fails"?

federicoemartinez commented 4 years ago

Wow! That was fast! This is the log: shawl.log

In my registry, the ImagePath is: C:\Program Files\test\Deps\shawl.exe run --name queue -- "C:\Program Files\test\tasks\queue.bat"

shawl.log is the only log file created. Thanks!
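
The ImagePath quoted in the comment above starts with an unquoted executable path that contains a space. Windows resolves such a command line ambiguously, so service ImagePath values are normally written with the executable in double quotes. The following check is an added example, not part of the original thread or of Shawl; the function name, the `.exe` heuristic and the sample values other than the thread's own ImagePath are assumptions.

```python
import re

# Heuristic (assumption): in an unquoted ImagePath the executable ends at the
# first ".exe" that is followed by whitespace or by the end of the string.
_EXE_END = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def audit_image_path(image_path):
    """Classify one service ImagePath value.

    Returns (status, executable, suggested), where status is one of
    "quoted", "unquoted-no-space", "unquoted-with-space" or "unparsed".
    """
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:  # opening quote without a closing one
            return ("unparsed", None, None)
        return ("quoted", value[1:end], value)
    match = _EXE_END.match(value)
    if not match:  # e.g. driver paths ending in .sys
        return ("unparsed", None, None)
    exe = match.group(1)
    if " " not in exe:
        return ("unquoted-no-space", exe, value)
    # Quote only the executable; the arguments are kept exactly as written.
    suggested = '"' + exe + '"' + value[len(exe):]
    return ("unquoted-with-space", exe, suggested)


# Constructed sample values; the first is the ImagePath from the thread.
SAMPLES = [
    r'C:\Program Files\test\Deps\shawl.exe run --name queue -- "C:\Program Files\test\tasks\queue.bat"',
    r'"C:\Program Files\test\Deps\shawl.exe" run --name queue',
    r'C:\Windows\system32\svchost.exe -k netsvcs',
    r'\SystemRoot\System32\drivers\example.sys',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, exe, suggested = audit_image_path(sample)
        print(f"{status:20} {exe}")
        if status == "unquoted-with-space":
            print(f"{'':20} suggested: {suggested}")
```
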

mtkennerly commented 4 years ago

Hmm, I can't reproduce this so far. What's in your BAT file? This works for me:

(I should probably add an option to log the output from the command itself since that would help to see what's failing in your case)

federicoemartinez commented 4 years ago

I see you have / instead of \ in your path. Also, the path to my bat was in "". Might that be relevant? I'm running a VM on VirtualBox with Windows 7. I don't have access to the VM or a Windows machine right now, but I will try changing the path tomorrow morning and will let you know. Thanks again!

mtkennerly commented 4 years ago

Nah, that shouldn't matter; I've used it both ways.

I just released v0.5.0, which adds stdout/stderr logging from the commands. Please give it a try and see if that helps narrow down the issue. Here's some sample logging:

federicoemartinez commented 4 years ago

Hello! I just redeployed my things (I was trying shawl with a package I'm installing using NSIS). It does seem to work now. I replaced the bat content with an echo as you did and I got:

2020-03-03 11:01:40 [ INFO] Launching command
2020-03-03 11:01:41 [ INFO] Command exited with code 0
2020-03-03 11:01:41 [DEBUG] (3) shawl::service: Exited main service loop
2020-03-03 11:01:41 [DEBUG] (1) shawl: Finished successfully

so it seems I misconfigured something before. Apologies for that and thank you!

Is it possible to rotate the logs so they don't grow forever?

Again thanks!

mtkennerly commented 4 years ago

I definitely want to add log rotation. It's not available right now, but I'll see if I can add it soon.

federicoemartinez commented 4 years ago

That is great. I will look forward to that :)

Last one: Can I deploy 2 services at the same time with shawl, or might there be a concurrency problem of any sort?

federicoemartinez commented 4 years ago

Just to let you know, I uploaded the latest win32 release (0.5) to VirusTotal, as I'm coming from NSSM because the customer did not like that their domain was .cc (they considered that a security risk), and they use VirusTotal. VirusTotal gives 1 finding for the file: https://www.virustotal.com/gui/file/e626a3d6772cb8cfa68857388a2daeb9c5784137b27f897be95cfd701afc4e72/detection I just reported the false positive to that antivirus anyway. If you want, I can let you know what they answer. Thanks again!

mtkennerly commented 4 years ago

Oh, cool, I wasn't aware of that site. Thanks! I would definitely be interested if you hear back from them. It sounds like maybe a "suspicious.low.ml.score" is just a low confidence score because it hasn't been analyzed before?

And yeah, you can run any number of services through the same copy of Shawl. I did some stress testing of it a while ago, and this was the result:

I ran 50 wrapped services simultaneously that were immediately exiting and restarting (to trigger a lot of logging), and it worked fine other than some log lines being smooshed together. Under normal circumstances without services constantly restarting, there would be a pretty low chance of collisions like that.

If you want to make 100% sure to avoid any logging collisions, you can (for now) use multiple copies of Shawl in different locations, since each one will use its own file. Ideally, when I add log rotation, I would also want to add a --log-file option so you can more easily have one log per service.

federicoemartinez commented 4 years ago

I will let you know if they write back to me. They say they use "machine learning": https://trapmine.com/blog/trapmine-machine-learning-virustotal/

I think it is a false positive, maybe because, as you said, the file is unknown, or maybe because they inspect what the file does (system calls, for instance, or DLLs linked) and it might look like a threat: a small binary that creates a service.

Meanwhile, I think we can close this issue as my bats are running :smile: Thanks a lot!

mtkennerly commented 4 years ago

@federicoemartinez, FYI, v0.6.0 is now available, which includes service-specific log files and log rotation (up to 3 files per service, 2 MB each) by default.

federicoemartinez commented 4 years ago

That is great! Thank you! This new release does not trigger any alarm on VirusTotal :) I have never received an answer from Trapmine for the previous version. Thanks for your work!