Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pi.Alert using increasing number of arp-scan processes simultaneously #232

Open
whitershadeofpale opened this issue Jul 5, 2023 · 3 comments

Comments

@whitershadeofpale
Copy link

I have installed Pi.Alert using the default one step installer, on a Debian 11 VM to scan a B-class network. No containers.

As soon as the VM boots up, ps aux | grep arp-scan shows two processes of arp-scan one with sudo, one without:

root 867 0.0 0.2 10656 5044 ? S 12:24 0:00 sudo arp-scan --ignoredups --retry=9 --localnet
root 868 0.9 0.4 12532 8108 ? S 12:24 0:00 arp-scan --ignoredups --retry=9 --localnet

Bu after some time (probably a minute), two more processes are started, with --retry=16. This results in an increased amount of arp traffic in the network over time.

I have tried to edit cron jobs and left only one line for pialert.py scan, with a 3 hour period only. And modified pialert.py to set

cycle_interval = 90
arpscan_retries = 1

manually, without using values from the DB. But this did not stop the new processes spawning, just kept their number below 6, for some reason.

Devices page is populated with discovered IPs, looks nothing wrong, as far as I can tell.

How can I strictly keep arp scans under control? Like one single process every 3 hours or so? Why does it start two processes, one with sudo, the other without?

@leiweibau
Copy link

Shameless self-promotion ;-)

I addressed the issue in my fork over a year ago (leiweibau/Pi.Alert@feb3eab)
Since then, I have made further diverse adjustments of various kinds.

@whitershadeofpale
Copy link
Author

Hi and thanks for replying.

Yeah, I have found your fork just after having this issue. And infact, I've been considering writing to your github page. Can I upgrade my installation to your version, by you one step updater you have provided:

curl -sSL https://github.com/leiweibau/Pi.Alert/raw/main/install/pialert_update.sh | bash

I have given names to endpoints, locations etc. and I dont want to loose them.

Besides, I'm trying to understand all logic behind. Vendors file cannot be updated, I'm getting "Zero-sized response from from.." errors from update_vendors.sh file (there are multiple ieee-data file locations: /usr/lib/ieee-data, /var/lib/ieee-data, /usr/share/ieee-data, one of them missing, other one symlinked), multiple arp-scan processes, etc. I dont understand the Scan Cycle logic (Scan 12 min every 15 min?). Is there any detailed information on your side? I've read one of your replies which mentions about bulk-editor, which would be great.

@leiweibau
Copy link

leiweibau commented Jul 6, 2023

Can I upgrade my installation to your version, by you one step updater you have provided

No. This update script is only recommended for an already existing installation of this fork. If you are using another fork, I recommend uninstalling it first. If you backup the database, it may be possible to continue using it with my fork after a patch (pialert-cli). After restoring your DB keep this in mind:

Check in the Pi.Alert directory if the database folder (db) has been assigned the correct permissions:
drwxrwx--- 2 (your username) www-data
If the permission is not correct, you can set it again with the following commands in the terminal or the console:
sudo chgrp -R www-data ~/pialert/db
sudo chown [Username]:www-data ~/pialert/db/pialert.db
chmod -R 770 ~/pialert/db
You can also perform these steps using ./pialert-cli set_permissions in the directory ~/pialert/back. If the database remains >read-only afterwards, try reinstalling or restoring a database backup through the maintenance page. Please make sure to >check and adjust the permissions accordingly.

Vendors file cannot be updated

Yes, it's been a known problem with the main project for some time (#203, #164, #150, ...). But since this is no longer maintained, no one corrects it. However, it may possibly be due to a possibly active DNS ad blocker.

I dont understand the Scan Cycle logic

The ScanCycle logic is a bit more complex, but no longer relevant in my fork, since I only use one ScanCycle (ScanCycle 1) every 5 min

I've read one of your replies which mentions about bulk-editor, which would be great.

You can read about it here https://github.com/leiweibau/Pi.Alert/blob/main/docs/BULKEDITOR.md

ademol pushed a commit to ademol/Pi.Alert that referenced this issue Nov 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants