Greetings Moto,
In order to check "what is going on" inside your IntelMQ botnet, you could use the following commands:

"sudo -u <intelmq_user_account> intelmqctl status" -> this one checks which bots are running, which are stopped and which are disabled.

"sudo -u <intelmq_user_account> intelmqctl list queues" -> this one displays the current amount of messages stored in the internal or external bot queues (use "-q" at the end if you want to hide queues with 0 messages).

"cat /var/log/intelmq/<bot_name>.log" will display the bot output (by default only info and error messages are shown, debug messages are hidden -> am I right?)

Finally, you can check the output of the botnet (your DB, a MISP instance, whatever you have) to make sure that what your bots have collected has been processed properly.
You could also manually run your bots with "sudo -u <intelmq_user_account> intelmqctl run <bot_name> -l DEBUG" so you can check what the bot is doing in real time.
Best regards, Jonathan
-- Jonathan SCOUPREMAN | jscoupreman@excellium-services.lu | PGP Key ID: 0xAD971C07 CERT-XLM | cert@excellium-services.com | PGP Key ID: 0xD74E5AC0 CERT-XLM Incident Handler @ excellium-services.com Excellium Services S.A. | 5 rue Goell L-5326 Contern Mobile: +352 691 982 790 Emergency: +352 262 039 64 708 | emergency@excellium-services.com | PGP Key ID: 0x42662EFE
-----Original Message-----
From: IntelMQ-users intelmq-users-bounces@lists.cert.at On Behalf Of moto kawasaki
Sent: Thursday, 11 March 2021 09:26
To: intelmq-users@lists.cert.at
Subject: [IntelMQ-users] where can I see data gathered by intelmq?
Dear intelmq-users list,
I've just installed intelmq 2.3.0 via pypi and run it via `intelmqctl start`, and I can see several python processes are running with intelmq user in top command.
Can I see some data that is collected by intelmq bots at this stage? If yes, where should I find it?
Now I reckon intelmq-manager is the answer to the above question, and I am trying to figure out how to use the intelmq-manager web interface. (pypi installation has been done)
Any suggestions will be appreciated. Thank you!
Best Regards.
-- moto kawasaki moto@kawasaki3.org +81-90-2464-8454