Dear hatibu,
IntelMQ is currently using a pid-file based approach (without file locking) to determine if bots are running. Unfortunately, that is error-prone to behaviors like the one you are experiencing just now. If the bots are actually not running (check with ps/top/htop), you can remove the dangling PID files manually. They are in `/var/run/intelmq/` or `/opt/intelmq/var/run/`, depending on your installation.
If someone is encouraged to work on this, here's some more context:
- https://github.com/certtools/intelmq/issues/1552
- https://github.com/certtools/intelmq/issues/1569
HTH
Sebastian
Hello Team,
I recently installed IntelMQ and configured Shadowserver API bot collector with Shadowserver API parser, Cymru-Whois-Expert and File-Output but I got this error when running.
Starting Botnet...
Starting Cymru-Whois-Expert...
Starting File-Output...
Starting Shadowserver-JSON-Parser...
Starting Shadowserver-Reports-API-Collector...
Status of Bot Cymru-Whois-Expert is unknown: 'Unhandled error checking the process 18850 with commandline [].'.
Cymru-Whois-Expert unknown
Status of Bot File-Output is unknown: 'Unhandled error checking the process 18851 with commandline [].'.
File-Output unknown
Status of Bot Shadowserver-JSON-Parser is unknown: 'Unhandled error checking the process 18852 with commandline [].'.
Shadowserver-JSON-Parser unknown
Status of Bot Shadowserver-Reports-API-Collector is unknown: 'Unhandled error checking the process 18853 with commandline [].'.
Shadowserver-Reports-API-Collector unknown
Bot Botnet is running.
Can anyone help me, please?
Regards, Hatibu.
--
// Sebastian Wagner <wagner@cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
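
Added example, not part of the original thread and not IntelMQ's own code: a read-only check that classifies the PID files in the two directories named in the reply as running, stale or invalid, so the dangling ones can be identified before removing them by hand. It assumes each file is named `*.pid` and holds the decimal PID as its first token; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Classify IntelMQ PID files as running, stale or invalid (added example)."""
import os
import sys
from pathlib import Path

# Directories named in the reply above; which one exists depends on the install.
DEFAULT_DIRS = ("/var/run/intelmq", "/opt/intelmq/var/run")


def pid_state(pid):
    """Return 'running' if a process with this PID exists, else 'stale'."""
    try:
        os.kill(pid, 0)  # signal 0 only checks existence; nothing is delivered
    except (ProcessLookupError, OverflowError):
        return "stale"  # no such process, or a value no PID can have
    except PermissionError:
        return "running"  # process exists but belongs to another user
    return "running"


def scan(directory):
    """Map each *.pid file name in `directory` to (pid or None, state)."""
    results = {}
    for pidfile in sorted(Path(directory).glob("*.pid")):
        # Assumption: the file holds the decimal PID as its first token.
        tokens = pidfile.read_text(errors="replace").split()
        first = tokens[0] if tokens else ""
        # PID 0 is rejected: kill(0, 0) would address our own process group.
        if not (first.isascii() and first.isdigit()) or int(first) == 0:
            results[pidfile.name] = (None, "invalid")
            continue
        pid = int(first)
        results[pidfile.name] = (pid, pid_state(pid))
    return results


if __name__ == "__main__":
    for d in sys.argv[1:] or DEFAULT_DIRS:
        if not os.path.isdir(d):
            continue
        for name, (pid, state) in scan(d).items():
            print(f"{d}/{name}: pid={pid} {state}")
```

A "running" result only means some process currently has that PID; because the PID may have been reused by an unrelated process, confirm with ps/top/htop as described in the reply before deciding a bot is alive.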