intelmq
intelmq copied to clipboard
certtools
Bots started with IntelMQ-API/Manager stop when the webserver is restarted
When starting bots with the IntelMQ-Manager they crash / stop when the webserver is restarted.
Ways to reproduce:
- Start an arbitrary Bot with IntelMQ-Manager
- Perform a restart of the webserver (
service apache2 restartor similar) - Have a look at the list of running bots. The Bot started in 1) is stopped
Expected Behaviour: The Bot started in 1) is still running after the webserver was restarted.
Scope:
Bots started with intelmqctl or other means, do not seem to be affected.
I placed the issue here and not in the Manager tracker by intention, as I've the feeling that this is a new (younger 3 months) phenomenon, which is not caused by recent changes in the manager. But I may be wrong and did not spend time for a more thorough analysis.
It seems to me quite strange. Webserver/php/controller.php calls intelmqctl that runs the bot for you.
It might be that your bot fails to be started. Intelmqctl waits only 0.25-0.5 s per bot to tell if that bot started succesfully – if it's running after that time, intelmq-manager displays it is running, even it fails just after 0.6 s.
So that the bot may be dead before the webserver restart:
- After starting an arbitrary Bot with IntelMQ-Manager, wait 5 seconds, hit F5 and tell me, is the bot really really running?
- Are the intelmq and intelmq-manager running at the same server? (I.E. same docker container)
Thank you
So that the bot may be dead before the webserver restart:
This is not the case. The bots are really running and processing data. Nevertheless I double checked:
- After starting an arbitrary Bot with IntelMQ-Manager, wait 5 seconds, hit F5 and tell me, is the bot really really running?
yes, it is.
- Are the intelmq and intelmq-manager running at the same server? (I.E. same docker container)
yes, they are. Docker is not used.
The bots receive a sigterm (from the webserver). Not sure how we can mitigate this