nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BSD 3-Clause "New" or "Revised" License
1.8k stars 326 forks

Journalctl can suppress messages resulting in lost console output #33

Closed riskydissonance closed 5 years ago

riskydissonance commented 5 years ago

When running posh as a service and using journalctl to view the logs (as per poshc2.service), if there are a lot of messages or lines then journalctl can suppress those messages, resulting in incomplete information being logged to the console.

The full output is still logged to the database however.

The initial limit on Linux Mint/Ubuntu appears to kick in around 3-4000 lines into a large file when being cat-ed, but it's rate limiting, not line limiting, so the value will vary.

Journalctl rate limiting can be adjusted in /etc/systemd/journald.conf. Rate limiting can be turned off with a value set to 0, but be aware this is a system-wide change.

See below for more information:

riskydissonance commented 5 years ago

An alternative could instead be to just run python C2Server.py > server.log rather than using journalctl, then tail -f server.log to view it? That way you get a full log and the output without changing system config...?

riskydissonance commented 5 years ago

Fixed in 4.8, see https://github.com/nettitude/PoshC2_Python/blob/master/README.md
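When journald rate-limits a service as described in the first comment, it writes its own "Suppressed N messages from ..." notice, so a gap in the console log can be detected and sized. The following is an added example, not code from PoshC2 or from this thread; the sample journal lines, host name and PIDs are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# journald's notice when it drops messages. The source may be a bare unit
# name or a cgroup path, depending on the systemd version.
SUPPRESSED = re.compile(r"Suppressed (\d+) messages from (\S+)")

# Constructed sample in `journalctl -o short` layout (not real PoshC2 output).
SAMPLE_JOURNAL = """\
Mar 02 10:15:01 c2host python[2211]: line 3998 of large file
Mar 02 10:15:01 c2host python[2211]: line 3999 of large file
Mar 02 10:15:31 c2host systemd-journald[310]: Suppressed 5120 messages from poshc2.service
Mar 02 10:15:31 c2host python[2211]: line 9120 of large file
Mar 02 10:16:01 c2host systemd-journald[310]: Suppressed 240 messages from /system.slice/poshc2.service
Mar 02 10:16:05 c2host systemd-journald[310]: Suppressed 12 messages from cron.service
"""


def unit_name(source):
    """Normalise '/system.slice/foo.service' and 'foo.service' to 'foo.service'."""
    return source.rstrip("/").rsplit("/", 1)[-1]


def suppressed_by_unit(lines):
    """Return {unit: total dropped messages} from journald suppression notices."""
    totals = Counter()
    for line in lines:
        # Only count notices written by journald itself, not look-alike
        # text that a service happens to print.
        if "systemd-journald[" not in line:
            continue
        match = SUPPRESSED.search(line)
        if match:
            totals[unit_name(match.group(2))] += int(match.group(1))
    return dict(totals)


def is_complete(lines, unit):
    """True when journald reported no suppressed messages for this unit."""
    return suppressed_by_unit(lines).get(unit, 0) == 0


if __name__ == "__main__":
    import sys
    # Read journal text from stdin when piped, else use the constructed sample.
    src = SAMPLE_JOURNAL.splitlines() if sys.stdin.isatty() else sys.stdin
    for unit, dropped in sorted(suppressed_by_unit(src).items()):
        print(f"{unit}: {dropped} messages suppressed, console log incomplete")
```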