[IntelMQ-users] Bot Unknown

Sebastian Wagner wagner at cert.at
Thu Apr 29 10:28:05 CEST 2021


Dear hatibu,

IntelMQ is currently using a pid-file based approach (without file
locking) to determine if bots are running. Unfortunately, that is
error-prone to behaviors like the one you are experiencing just now. If
the bots are actually not running (check with ps/top/htop), you can
remove the dangling PID files manually. They are in `/var/run/intelmq/`
or `/opt/intelmq/var/run/`, depending on your installation.

If someone is encouraged to work on this, here's some more context:
- https://github.com/certtools/intelmq/issues/1552
- https://github.com/certtools/intelmq/issues/1569

HTH
Sebastian

On 4/29/21 10:08 AM, hatibu chande wrote:
> Hello Team,
>
> I recently installed intelmq and configured shadowserver API bot
> collector with shadowserverAPI parser, Cymru-Whois-Expert
> and File-Output but I got this error when running.
>
> Starting Botnet...
> Starting Cymru-Whois-Expert...
> Starting File-Output...
> Starting Shadowserver-JSON-Parser...
> Starting Shadowserver-Reports-API-Collector...
> Status of Bot Cymru-Whois-Expert is unknown: 'Unhandled error checking
> the process 18850 with commandline [].'.
> Cymru-Whois-Expert unknown
> Status of Bot File-Output is unknown: 'Unhandled error checking the
> process 18851 with commandline [].'.
> File-Output unknown
> Status of Bot Shadowserver-JSON-Parser is unknown: 'Unhandled error
> checking the process 18852 with commandline [].'.
> Shadowserver-JSON-Parser unknown
> Status of Bot Shadowserver-Reports-API-Collector is unknown:
> 'Unhandled error checking the process 18853 with commandline [].'.
> Shadowserver-Reports-API-Collector unknown
> Bot Botnet is running.
>
> Can anyone help me please.
>
> Regards,
> Hatibu.
>
>
-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg
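
A read-only check for the dangling PID files described in the reply above, as an added example (not IntelMQ's own code and not part of the original message). It assumes each file is named `<bot-id>.pid` with the PID on its first line, and it only lists candidates, so confirm with ps/top/htop before removing anything.

```shell
#!/bin/sh
# Added example: list IntelMQ PID files whose recorded process is gone.
# Assumption: each file is named <bot-id>.pid and its first line holds the PID.

pid_alive() {
    # kill -0 sends no signal; it only tests that the PID exists and is ours.
    # /proc/<pid> covers Linux processes owned by another user (kill gives EPERM).
    kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]
}

find_stale_pidfiles() {
    # Usage: find_stale_pidfiles DIR  -> prints one stale PID file path per line
    dir=$1
    for f in "$dir"/*.pid; do
        [ -f "$f" ] || continue            # glob matched nothing
        pid=$(head -n 1 "$f" | tr -d '[:space:]')
        case $pid in
            ''|*[!0-9]*)
                # Not a usable PID: report it, but do not call the file stale.
                echo "skipping $f: no numeric PID on first line" >&2
                continue ;;
        esac
        pid_alive "$pid" || echo "$f"
    done
}

# Run against the directory given as the first argument, if any,
# e.g. /var/run/intelmq/ or /opt/intelmq/var/run/ depending on the installation.
if [ -n "${1:-}" ]; then
    find_stale_pidfiles "$1"
fi
```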
