Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Event log import error #20

Open
etmouse opened this issue Jun 11, 2018 · 6 comments
Open

Event log import error #20

etmouse opened this issue Jun 11, 2018 · 6 comments

Comments

@etmouse
Copy link

etmouse commented Jun 11, 2018

hi,when i import my event log ,i got these errors.but the sample Securyty.evtx is good,why?

$ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p passwrod -s 192.168.1.69
[] Script start. 2018/06/11 09:03:54
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 14480.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./security.evtx.
[] Now loading 14400 records.
[] Load finished.
[] Total Event log is 14480.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
Traceback (most recent call last):
File "logontracer.py", line 803, in
main()
File "logontracer.py", line 792, in main
parse_evtx(args.evtx, GRAPH)
File "logontracer.py", line 745, in parse_evtx
tx.process()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1050, in process
self._post()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1293, in _post
self._sync()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1282, in _sync
connection.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
self.channel.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
self.socket.sendall(data)
ConnectionResetError: [Errno 104] Connection reset by peer
shu-tom added a commit that referenced this issue Jun 11, 2018
@shu-tom
Changed to connect to neo4j server just before uploading data #20
5a2eb5d
@shu-tom
Copy link
Member

shu-tom commented Jun 11, 2018

Your neo4j server may have timeout. I changed to connect to neo4j server just before uploading data. Please try the fixed version.

@etmouse
Copy link
Author

etmouse commented Jun 11, 2018
edited
Loading

after update,the problem is still there

$ sudo git pull
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (1/1), done.
remote: Total 3 (delta 2), reused 3 (delta 2), pack-reused 0
Unpacking objects: 100% (3/3), done.
From https://github.com/JPCERTCC/LogonTracer
72278fb..5a2eb5d master -> origin/master
Updating 72278fb..5a2eb5d
Fast-forward
logontracer.py | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
$ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
[] Script start. 2018/06/11 14:38:48
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 14480.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./security.evtx.
[] Now loading 14400 records.
[] Load finished.
[] Total Event log is 14480.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
Traceback (most recent call last):
File "logontracer.py", line 810, in
main()
File "logontracer.py", line 799, in main
parse_evtx(args.evtx)
File "logontracer.py", line 752, in parse_evtx
tx.process()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1050, in process
self._post()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1293, in _post
self._sync()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1282, in _sync
connection.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
self.channel.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
self.socket.sendall(data)
ConnectionResetError: [Errno 104] Connection reset by peer

but the sample security log file can be imported.

$ sudo python3 logontracer.py --delete -e ./sample/Security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
[] Script start. 2018/06/12 03:40:00
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 62031.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./sample/Security.evtx.
[] Now loading 62000 records.
[] Load finished.
[] Total Event log is 62031.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
[] Creation of a graph data finished.
[] Script end. 2018/06/12 03:47:08

@shu-tom
Copy link
Member

shu-tom commented Jun 14, 2018

Can you share the event log to me in order to resolve this issue?
If you can share it please send to logontracer.help (at) gmail.com

@redkris
Copy link

redkris commented Jun 27, 2018

these problem also happened to me cam you share how to fix this also ? this tool is so promising if user can operate "user friendly"

@wadeiam
Copy link

wadeiam commented Dec 4, 2021

Same issue:
Error: Upload Failed!
Clicking the "Log" button shows this:
Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

@netlol
Copy link

netlol commented Jan 10, 2022

I run Logontracer under k8s, and it show "Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application." I don't yet import logs, just press log button.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@shu-tom @wadeiam @redkris @netlol @etmouse