
Shadowserver JSON-Parser does not find config

Open pierewoehl opened this issue 3 years ago • 1 comments

Rocky Linux 8, IntelMQ - 3.0.2 installed via RPM

2022-11-10 11:24:11,944 - ShadowserverJSON-Parser - INFO - ShadowserverJSONParserBot initialized with id ShadowserverJSON-Parser and intelmq 3.0.2 and python 3.8.12 (default, May 10 2022, 23:46:40) as process 91867.
2022-11-10 11:24:11,944 - ShadowserverJSON-Parser - INFO - Bot is starting.
2022-11-10 11:24:11,959 - ShadowserverJSON-Parser - DEBUG - Loading Harmonization configuration from '/etc/intelmq/harmonization.conf'.
2022-11-10 11:24:12,000 - ShadowserverJSON-Parser - DEBUG - Loading source pipeline and queue 'ShadowserverJSON-Parser-queue'.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Connected to source queue.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Loading destination pipeline and queues {'_default': ['File-Output-queue', 'SPLUNK06-queue']}.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Connected to destination queues.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - INFO - Bot initialization completed.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Loading source pipeline and queue 'ShadowserverJSON-Parser-queue'.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Connected to source queue.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Loading destination pipeline and queues {'_default': ['File-Output-queue', 'LINSPLUNK06-queue']}.
2022-11-10 11:24:12,001 - ShadowserverJSON-Parser - DEBUG - Connected to destination queues.
2022-11-10 11:24:12,002 - ShadowserverJSON-Parser - DEBUG - Waiting for incoming message.
2022-11-10 11:26:43,597 - ShadowserverJSON-Parser - DEBUG - Received message {'time.observation': '2022-11-10T10:26:43+00:00', 'extra.file_name': '2022-11-08-device_id-XXXX-ip.json', 'raw': 'Wwp7InRpbWVzdGFtcCI6ICIyMDIyLTExLTA4IDAwOjE3OjIzWiIsICJpcCI6ICIyMTIuNS4xMDYuNDciLCAicHJvdG9jb2wiOiAidGNwIiwgInBvcnQiOiAyMDAwLCAiaG9zdG5hbWUiOiAiaG9zdC00Ny52bmlpc2RtLm1hY29tbmV0Lm5ldCIsICJ0YWciOiAibWlrcm90aWssaW90IiwgImFzbiI6IDg0NzAsICJnZW8iOiAiUlUiLCAicmVnaW9uIjogIk1PU0tWQSIsICJjaXR5IjogIk1PU0NPVyIsICJuYWljcyI6ICIiLCAic2ljIjogIiIsICJzZWN0b3IiOiAiTWluaW5nLCBRdWFycnlpbmcsIGFuZCBPaWwgYW5kIEdhcyBFe...', 'feed.name': 'ShadowServerAPI', 'feed.accuracy': 100.0}.
2022-11-10 11:26:43,597 - ShadowserverJSON-Parser - DEBUG - Detected report's file name: device_id.
2022-11-10 11:26:43,597 - ShadowserverJSON-Parser - ERROR - Bot has found a problem.
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/intelmq/lib/bot.py", line 310, in start
    self.process()
  File "/usr/lib/python3.8/site-packages/intelmq/lib/bot.py", line 1036, in process
    for line in self.parse(report):
  File "/usr/lib/python3.8/site-packages/intelmq/bots/parsers/shadowserver/parser_json.py", line 60, in parse
    raise ValueError('Could not get a config for {!r}, check the documentation.'
ValueError: Could not get a config for 'device_id', check the documentation.
2022-11-10 11:26:43,599 - ShadowserverJSON-Parser - INFO - Bot will continue in 15 seconds.

pierewoehl avatar Nov 10 '22 10:11 pierewoehl

device_id is a correct feed name, but not supported in the version 3.0.2. You'll need to use the upcoming 3.1.0 (very soon) or try a dev version.

sebix avatar Dec 22 '22 15:12 sebix