Event log import error

Open etmouse opened this issue 6 years ago • 6 comments

Hi, when I import my event log, I got these errors, but the sample Security.evtx is good. Why?

    $ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p passwrod -s 192.168.1.69
    [] Script start. 2018/06/11 09:03:54
    [] Delete all nodes and relationships from this Neo4j database.
    [] Time zone is 8.
    [] Last record number is 14480.
    [] Start parsing the EVTX file.
    [] Parse the EVTX file ./security.evtx.
    [] Now loading 14400 records.
    [] Load finished.
    [] Total Event log is 14480.
    [] Calculate PageRank.
    [] Calculate ChangeFinder.
    [] Creating a graph data.
    Traceback (most recent call last):
      File "logontracer.py", line 803, in <module>
        main()
      File "logontracer.py", line 792, in main
        parse_evtx(args.evtx, GRAPH)
      File "logontracer.py", line 745, in parse_evtx
        tx.process()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1050, in process
        self._post()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1293, in _post
        self._sync()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1282, in _sync
        connection.send()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
        self.channel.send()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
        self.socket.sendall(data)
    ConnectionResetError: [Errno 104] Connection reset by peer

etmouse, Jun 11 '18 09:06

Your neo4j server may have timed out. I changed it to connect to the neo4j server just before uploading data. Please try the fixed version.

shu-tom, Jun 11 '18 12:06

After the update, the problem is still there.

    $ sudo git pull
    remote: Counting objects: 3, done.
    remote: Compressing objects: 100% (1/1), done.
    remote: Total 3 (delta 2), reused 3 (delta 2), pack-reused 0
    Unpacking objects: 100% (3/3), done.
    From https://github.com/JPCERTCC/LogonTracer
       72278fb..5a2eb5d  master     -> origin/master
    Updating 72278fb..5a2eb5d
    Fast-forward
     logontracer.py | 13 ++++++++++---
     1 file changed, 10 insertions(+), 3 deletions(-)
    $ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
    [] Script start. 2018/06/11 14:38:48
    [] Delete all nodes and relationships from this Neo4j database.
    [] Time zone is 8.
    [] Last record number is 14480.
    [] Start parsing the EVTX file.
    [] Parse the EVTX file ./security.evtx.
    [] Now loading 14400 records.
    [] Load finished.
    [] Total Event log is 14480.
    [] Calculate PageRank.
    [] Calculate ChangeFinder.
    [] Creating a graph data.
    Traceback (most recent call last):
      File "logontracer.py", line 810, in <module>
        main()
      File "logontracer.py", line 799, in main
        parse_evtx(args.evtx)
      File "logontracer.py", line 752, in parse_evtx
        tx.process()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1050, in process
        self._post()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1293, in _post
        self._sync()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/database/__init__.py", line 1282, in _sync
        connection.send()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
        self.channel.send()
      File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
        self.socket.sendall(data)
    ConnectionResetError: [Errno 104] Connection reset by peer

But the sample security log file can be imported.

    $ sudo python3 logontracer.py --delete -e ./sample/Security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
    [] Script start. 2018/06/12 03:40:00
    [] Delete all nodes and relationships from this Neo4j database.
    [] Time zone is 8.
    [] Last record number is 62031.
    [] Start parsing the EVTX file.
    [] Parse the EVTX file ./sample/Security.evtx.
    [] Now loading 62000 records.
    [] Load finished.
    [] Total Event log is 62031.
    [] Calculate PageRank.
    [] Calculate ChangeFinder.
    [] Creating a graph data.
    [] Creation of a graph data finished.
    [] Script end. 2018/06/12 03:47:08

etmouse, Jun 11 '18 14:06

Can you share the event log with me in order to resolve this issue? If you can share it, please send it to logontracer.help (at) gmail.com

shu-tom, Jun 14 '18 12:06

This problem also happened to me. Can you share how to fix this also? This tool is so promising if the user can operate it "user friendly".

redkris, Jun 27 '18 08:06

Same issue: Error: Upload Failed! Clicking the "Log" button shows this: Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

wadeiam, Dec 04 '21 01:12

I run LogonTracer under k8s, and it shows "Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application." I haven't imported logs yet, I just press the Log button.

netlol, Jan 10 '22 05:01