Several issues #1252
Replies: 1 comment 3 replies
-
|
Please follow the Troubleshooting section to pinpoint what is going on. |
Beta Was this translation helpful? Give feedback.
-
|
I don't understand, the troubleshooting section just says I'm not guaranteed support or help, just free to post here. I can't pinpoint what is going on, there are too many errors, that's why I posted here. Do you need additional information, I'm not sure I follow. |
Beta Was this translation helpful? Give feedback.
-
|
You did not follow the Troubleshooting section which is why I cannot make sense of the information you posted above. Hence I cannot help. |
Beta Was this translation helpful? Give feedback.
-
|
There is nothing provided in the troubleshooting section. |
Beta Was this translation helpful? Give feedback.
-
I have several problems I'm not really sure how to fix, any help or guidance would be greatly appreciated.
Firstly, I run a distributed version of the tpot on two machines, one hive one sensor. They are both VM's (not sure about the underlying OS/hypervisor, it's company issues I'm guessing Vsphere). They both have 2 cpu's and 8gb ram. I have successfully deployed the sensor.
Not sure what is causing the issue with the high cpu usage, I've checked the previous posts about it but to no avail.
Second, in the discover tab on kibana all the logs have the tpot_hostname = hive. Is this normal operating procedure or is it supposed to be the hostname of the sensor?
Thirdly, I'd like to stop several of the docker services but unsuccessfully. I've tried commenting out the services in the tpot.yml file and with docker stop several times. All I get with the docker stop command is the tpot stopping (or rather just restarting) and the service/honeypot is still up. Commenting out in the tpot.yml file did nothing, even after a reboot.
Lastly, the tpot service on the hive is always showing inactive even when almost all of the honeypots are up and running.
Edit: just found these questions
What version of the OS are you currently using lsb_release -a and uname -a?
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
What T-Pot version are you currently using? T-Pot 22.04.0
What edition (Standard, Nextgen, etc.) of T-Pot are you running? Distributed
What architecture are you running on (i.e. hardware, cloud, VM, etc.)? VM
Did you have any problems during the install? If yes, please attach /install.log /install.err. No
How long has your installation been running? ~month
Did you install upgrades, packages or use the update script? No
Did you modify any scripts or configs? If yes, please attach the changes. No
Please provide a screenshot of glances and htop. - attached above
How much free disk space is available (df -h)?
What is the current container status (dps.sh)? Attached above
What is the status of the T-Pot service (systemctl status tpot)?
What ports are being occupied?
If a single container shows as DOWN you can run docker logs for the latest log entries N/A
Beta Was this translation helpful? Give feedback.
All reactions