stamparm / maltrail

Malicious traffic detection system
MIT License

[Questions and Support] Maltrail not listening on port 8337/udp #19260

Closed simonszu closed 4 months ago

simonszu commented 4 months ago

Support: I want to set up a central maltrail server where machines can report to. However I have some problems with opening the UDP port. I deployed the server as a container with host network mode (I am able to change that later, only so as not to have the docker-proxy mess things up). My router, a Unifi Dream Machine Pro which is basically running Debian, is not able to connect to the host:

root@UDM:~# nc -vz -u 192.168.10.4 8337
home.simonszu.de [192.168.10.4] 8337 (?) : Connection refused

Therefore I checked if the server is running correctly. For the WebUI everything is fine and it is reachable:

❯ sudo netstat -tulpen | grep 8338
tcp        0      0 0.0.0.0:8338            0.0.0.0:*               LISTEN      0          95271027   4180017/python

But there is no listening process on port 8337/udp:

❯ sudo netstat -tulpen | grep 8337
// empty response

This is the relevant snippet from the config:

# Listen address of (reporting) HTTP server
HTTP_ADDRESS 0.0.0.0
#HTTP_ADDRESS ::
#HTTP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1

# Listen port of (reporting) HTTP server
HTTP_PORT 8338

# Use SSL/TLS
USE_SSL false

# SSL/TLS (private/cert) PEM file (e.g. openssl req -new -x509 -keyout server.pem -out server.pem -days 1023 -nodes)
#SSL_PEM misc/server.pem

# User entries (username:sha256(password):UID:filter_netmask(s))
# Note(s): sha256(password) can be generated on Linux with: echo -n 'password' | sha256sum | cut -d " " -f 1
#          UID >= 1000 have only rights to display results (Note: this moment only functionality implemented at the client side)
#          filter_netmask(s) is/are used to filter results
USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0:                        # changeme!
#    local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16       # changeme!

# Mask custom trail names for non-admin users (UID >= 1000)
ENABLE_MASK_CUSTOM true

# Listen address of (log collecting) UDP server
UDP_ADDRESS 192.168.10.4
#UDP_ADDRESS ::
#UDP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1

# Listen port of (log collecting) UDP server
UDP_PORT 8337

Am I supposed to set UDP_ADDRESS to 0.0.0.0 like it was done for the HTTP_ADDRESS? I tried that, but without success. Where is my mistake?
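The diagnostic steps in this post (read the UDP listener settings out of maltrail.conf, then check from another machine whether anything is bound on that port) can be scripted. The following is an added example, not code from the maltrail project: it parses the `KEY value` config format shown above with a simplified reader (an assumption about the format, not maltrail's own parser), and then probes the UDP port the same way `nc -vz -u` does, i.e. it sends a datagram on a connected socket and treats an ICMP port unreachable (surfacing as `ConnectionRefusedError`) as "nothing is listening". The sample config text is constructed from the snippet in this post.

```python
"""Added troubleshooting helper for the 8337/udp question in this thread.
Not part of maltrail; the config reader is a simplified re-implementation."""
import socket

# Constructed sample: the relevant part of the config quoted in the issue.
SAMPLE_CONF = """\
# Listen address of (reporting) HTTP server
HTTP_ADDRESS 0.0.0.0
#HTTP_ADDRESS ::

# Listen port of (reporting) HTTP server
HTTP_PORT 8338

# User entries (username:sha256(password):UID:filter_netmask(s))
USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0:                        # changeme!
#    local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16       # changeme!

# Listen address of (log collecting) UDP server
UDP_ADDRESS 192.168.10.4

# Listen port of (log collecting) UDP server
UDP_PORT 8337
"""


def parse_conf(text):
    """Parse maltrail.conf-style text into a dict.

    Assumed rules (simplified): '#' starts a comment; 'KEY value' sets a
    scalar; a key with no value (USERS) collects the indented lines that
    follow it into a list.
    """
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if line[0].isspace():                      # continuation entry (USERS)
            if isinstance(conf.get(current), list):
                conf[current].append(line.strip())
            continue
        key, _, value = line.strip().partition(" ")
        current = key
        conf[key] = value.strip() if value.strip() else []
    return conf


def udp_listener_settings(conf):
    """Address and port the log-collecting UDP server should bind to."""
    return conf.get("UDP_ADDRESS", "0.0.0.0"), int(conf.get("UDP_PORT", 8337))


def probe_udp(host, port, timeout=1.0):
    """Classify a UDP port the way `nc -vz -u` effectively does.

    'refused'       the kernel got an ICMP port unreachable back, so nothing
                    is bound there (the symptom reported in this issue)
    'open'          the peer answered with data
    'open|filtered' the datagram was accepted and nothing came back; UDP
                    cannot distinguish a silent listener from a firewall drop
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected socket: ICMP errors become errno
        try:
            s.send(b"probe")
            s.recv(1)
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "open|filtered"


def bind_dummy_listener(address="127.0.0.1"):
    """Bind a throwaway UDP socket on an ephemeral port (used to self-test)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((address, 0))
    return s


if __name__ == "__main__":
    addr, port = udp_listener_settings(parse_conf(SAMPLE_CONF))
    print(f"config says UDP collector binds {addr}:{port}")
    print(f"probe result: {probe_udp(addr, port)}")
```

If the probe reports `refused` on the host itself while the config on disk clearly sets `UDP_PORT`, the process is not reading that file: for a container deployment, confirm that the config is actually mounted at the path the server expects (e.g. `docker exec <container> cat <path-to-maltrail.conf-inside-container>`, with the path taken from the howto you followed) before suspecting `UDP_ADDRESS`. Note also that binding to a specific address such as `192.168.10.4` only works when that address exists inside the container's network namespace, which host networking provides.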

MikhailKasimov commented 4 months ago

Hello! Try this article: https://github.com/stamparm/maltrail/wiki/Miscellaneous#2-setting-up-centralized-maltrail-server-log-collector-for-multi-sensor-maltrail-installation

simonszu commented 4 months ago

I did. But Maltrail seems not to listen on 8337/udp.

MikhailKasimov commented 4 months ago

Take a look -- is this similar? --> https://github.com/stamparm/maltrail/issues/19246

simonszu commented 4 months ago

It does. After this issue pointed out some flaws in the Docker howto, I did a close examination. Turns out this howto does not mount the config to its location inside the container. I have changed that for myself and will maybe submit a PR to fix this documentation issue.

MikhailKasimov commented 4 months ago

I have changed that for myself and will maybe submit a PR to fix this documentation issue.

Will be pretty thankful if your PR fixes the issue.

MikhailKasimov commented 4 months ago

@simonszu Thank you!