Dear hatibu,
IntelMQ is currently using a pid-file based approach (without file locking) to determine of bots are running. Unfortunately, that is error-prone to behaviors like the one you are experiencing just now. If the bots are actually not running (check with ps/top/htop), you can remove the dangling PID files manually. They are in `/var/run/intelmq/` or `/opt/intelmq/var/run/`, depending on your installation.
If someone is encourage to work on this, here's some more context: - https://github.com/certtools/intelmq/issues/1552 - https://github.com/certtools/intelmq/issues/1569
HTH Sebastian
On 4/29/21 10:08 AM, hatibu chande wrote:
Hello Team,
I recently installed inetlmq and configured shadowsever API bot collector with shadowserverAPI parser, Cymru-Whois-Expert and File-Output but i got this error when running.
Starting Botnet... Starting Cymru-Whois-Expert... Starting File-Output... Starting Shadowserver-JSON-Parser... Starting Shadowserver-Reports-API-Collector... Status of Bot Cymru-Whois-Expert is unknown: 'Unhandled error checking the process 18850 with commandline [].'. Cymru-Whois-Expert unknown Status of Bot File-Output is unknown: 'Unhandled error checking the process 18851 with commandline [].'. File-Output unknown Status of Bot Shadowserver-JSON-Parser is unknown: 'Unhandled error checking the process 18852 with commandline [].'. Shadowserver-JSON-Parser unknown Status of Bot Shadowserver-Reports-API-Collector is unknown: 'Unhandled error checking the process 18853 with commandline [].'. Shadowserver-Reports-API-Collector unknown Bot Botnet is running.
Can anyone help me please.
Regards, Hatibu.