19/Sep/2021 23:57:19 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (56, 1632085039, 1632085039, 3, 4, '192.168.8.250', '172.217.16.35', 26773, 80, 0, 0, 0, 0, 0, 6, 126, 7, 5, '', 'connectivitycheck.gstatic.com', '', 'IT', 0, 0, 54, 60, 1, 1, 1632085023, '1:8tqtomFSIUYQzN9JBJyrVysc/CE=', 10, 0, X'0100000000000000', '{"ntopng.key":1837235851,"hash_entry_id":190,"info":"","alert_generation": {"script_key":"tcp_no_data_exchanged","subdir":"flow"}}');
19/Sep/2021 23:57:13 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (54, 1632085032, 1632085032, 4, 4, '192.168.8.250', '54.171.85.112', 19128, 443, 0, 0, 0, 0, 0, 6, 178, 91, 5, '', '', '', 'IE', 0, 0, 386, 3122, 5, 5, 1632085031, '1:tVaPNdts/bPD8x+fjmsxJ77uHP8=', 60, 16809984, X'40400000000000', '{"ntopng.key":4149531067,"hash_entry_id":200,"info":"","alert_generation": {"script_key":"ndpi_tls_missing_sni","subdir":"flow"},"protos.tls_version":771,"protos.tls.server_names":".samsungiotcloud.com","protos.tls.issuerDN":"CN=Samsung Electronics OCF Server SubCA, OU=OCF Server SubCA, O=Samsung Electronics, C=KR","protos.tls.subjectDN":"C=KR, O=Samsung Electronics, OU=uuid:ab0b0ac4-aae9-4958-a04d-8ec36fe1b2f9, CN=.samsungiotcloud.com","protos.tls.notBefore":1584509786,"protos.tls.notAfter":1757309786,"protos.tls.ja3.client_hash":"5d64d9e56266f38d6ea5a20cbe4e44ca","protos.tls.ja3.server_hash":"5cbdf35d43faf9cfc331165209343f05","protos.tls.ja3.server_unsafe_cipher":"safe","protos.tls.ja3.server_cipher":49195}');
19/Sep/2021 23:57:13 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (6, 1632085031, 1632085031, 4, 4, '192.168.8.250', '1.1.1.1', 21400, 53, 0, 1, 0, 1, 0, 17, 5, 0, 14, '', '', '', 'AU', 0, 0, 614, 965, 10, 8, 1632084907, '1:ZyZb0E1n508ZMO/BYEJEKVcF+qM=', 50, 0, X'40', '{"ntopng.key":3249133407,"hash_entry_id":74,"info":"ocfconnect-shard-eu02-euwest1.samsungiotcloud.com","alert_generation": {"script_key":"dns_data_exfiltration","subdir":"flow"}}');
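It seems the SQLite alert database is corrupted ("database disk image is malformed" is SQLite's corruption error). Deleting the alert database files is the suggested fix, but it permanently discards the stored alert history, so stop ntopng first and copy the files elsewhere if the alerts are still needed for an investigation: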
find /var/lib/ntopng -name "alert*.db" -delete
19/Sep/2021 23:57:19 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (56, 1632085039, 1632085039, 3, 4, '192.168.8.250', '172.217.16.35', 26773, 80, 0, 0, 0, 0, 0, 6, 126, 7, 5, '', 'connectivitycheck.gstatic.com', '', 'IT', 0, 0, 54, 60, 1, 1, 1632085023, '1:8tqtomFSIUYQzN9JBJyrVysc/CE=', 10, 0, X'0100000000000000', '{"ntopng.key":1837235851,"hash_entry_id":190,"info":"","alert_generation": {"script_key":"tcp_no_data_exchanged","subdir":"flow"}}');
19/Sep/2021 23:57:13 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (54, 1632085032, 1632085032, 4, 4, '192.168.8.250', '54.171.85.112', 19128, 443, 0, 0, 0, 0, 0, 6, 178, 91, 5, '', '', '', 'IE', 0, 0, 386, 3122, 5, 5, 1632085031, '1:tVaPNdts/bPD8x+fjmsxJ77uHP8=', 60, 16809984, X'40400000000000', '{"ntopng.key":4149531067,"hash_entry_id":200,"info":"","alert_generation": {"script_key":"ndpi_tls_missing_sni","subdir":"flow"},"protos.tls_version":771,"protos.tls.server_names":".samsungiotcloud.com","protos.tls.issuerDN":"CN=Samsung Electronics OCF Server SubCA, OU=OCF Server SubCA, O=Samsung Electronics, C=KR","protos.tls.subjectDN":"C=KR, O=Samsung Electronics, OU=uuid:ab0b0ac4-aae9-4958-a04d-8ec36fe1b2f9, CN=.samsungiotcloud.com","protos.tls.notBefore":1584509786,"protos.tls.notAfter":1757309786,"protos.tls.ja3.client_hash":"5d64d9e56266f38d6ea5a20cbe4e44ca","protos.tls.ja3.server_hash":"5cbdf35d43faf9cfc331165209343f05","protos.tls.ja3.server_unsafe_cipher":"safe","protos.tls.ja3.server_cipher":49195}');
19/Sep/2021 23:57:13 [AlertStore.cpp:131] ERROR SQL Error: database disk image is malformed INSERT INTO flow_alerts (alert_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, json) VALUES (6, 1632085031, 1632085031, 4, 4, '192.168.8.250', '1.1.1.1', 21400, 53, 0, 1, 0, 1, 0, 17, 5, 0, 14, '', '', '', 'AU', 0, 0, 614, 965, 10, 8, 1632084907, '1:ZyZb0E1n508ZMO/BYEJEKVcF+qM=', 50, 0, X'40', '{"ntopng.key":3249133407,"hash_entry_id":74,"info":"ocfconnect-shard-eu02-euwest1.samsungiotcloud.com","alert_generation": {"script_key":"dns_data_exfiltration","subdir":"flow"}}');