StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro

Home Page: https://www.stamus-networks.com/open-source/#selks

docker: Arkime needs oui.txt file

pevma opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

As reported in SELKS Discord channel - https://discord.com/channels/911231224448712714/911238451842666546/1147186721872678922

Arkime would not start without the oui.txt (vendor MAC address lookup file).

docker exec arkime bash -c "cat  /opt/arkime/logs/capture.log " 
Sep  3 12:03:07 main.c:202 parse_args(): WARNING: gethostname doesn't return a fully qualified name and getdomainname failed, this may cause issues when viewing pcaps, use the --host option - 30c6a06fcc2c
Sep  3 12:03:07 http.c:299 moloch_http_send_sync(): 1/1 SYNC 200 http://elasticsearch:9200/_template/arkime_sessions3_template?filter_path=**._meta 0/75 1ms 3ms
Sep  3 12:03:07 http.c:299 moloch_http_send_sync(): 1/1 SYNC 404 http://elasticsearch:9200/arkime_sequence/_doc/fn-30c6a06fcc2c 0/85 0ms 1ms
Sep  3 12:03:07 http.c:299 moloch_http_send_sync(): 1/1 SYNC 201 http://elasticsearch:9200/arkime_sequence/_doc/fn-30c6a06fcc2c?version_type=external&version=100 2/183 0ms 11ms
Sep  3 12:03:07 http.c:299 moloch_http_send_sync(): 1/1 SYNC 404 http://elasticsearch:9200/arkime_stats/_doc/30c6a06fcc2c 0/79 0ms 1ms
Sep  3 12:03:07 http.c:299 moloch_http_send_sync(): 1/1 SYNC 200 http://elasticsearch:9200/arkime_fields/_search?size=3000 0/13680 0ms 4ms
Sep  3 12:03:07 db.c:2624 moloch_db_init(): WARNING - No Geo Country file could be loaded, see https://arkime.com/settings#geolite2country
Sep  3 12:03:07 db.c:2635 moloch_db_init(): WARNING - No Geo ASN file could be loaded, see https://arkime.com/settings#geolite2asn
FATAL CONFIG ERROR - Couldn't stat oui file file /data/config/oui.txt error No such file or directory. ERROR - Maybe try running /opt/arkime /bin/moloch_update_geo.shroot@DonPedros:/opt/hunt/SELKS/docker# 

Expected Behavior

No response

Steps To Reproduce

Regular run would not populate the Arkime viewer.

Docker version

Docker version 24.0.2, build cb74dfc

Docker version

docker-compose version 1.27.4, build 40524192

OS Version

Description: Debian GNU/Linux trixie/sid

Content of the environment File

COMPOSE_PROJECT_NAME=selks
INTERFACES= -i tppdummy0

PWD=${PWD}

Version of SELKS

latest master

commit a030b9acbef9e846cfd247fef9c8ac8c1794c6a8 (HEAD -> master, origin/master, origin/HEAD)

Anything else?

The fix is simple:

docker exec arkime bash -c "wget -O /data/config/oui.txt https://www.wireshark.org/download/automated/data/manuf " 
docker compose restart arkime

Fixed
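
The workaround above writes the download straight onto /data/config/oui.txt, so an interrupted or substituted response ends up in the file Arkime reads at startup. The following is an added example, not code from SELKS or Arkime: it checks a downloaded file against the Wireshark manuf line format and only then renames it into place. The function names, the script name check_oui.sh and the 1000-entry floor are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of SELKS or Arkime.
# A line counts as an OUI entry if it starts with three hex octets, as in
# the Wireshark manuf format: 00:00:0C<TAB>Cisco<TAB>Cisco Systems, Inc
OUI_RE='^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}'

# validate_oui FILE MIN: succeed only if FILE plausibly holds OUI data.
validate_oui() {
    file=$1
    min=$2
    if [ ! -s "$file" ]; then
        echo "oui check: $file is missing or empty" >&2
        return 1
    fi
    # A 200 response from a proxy or portal can be HTML rather than OUI data.
    if head -n 5 "$file" | grep -qiE '<(!doctype|html)'; then
        echo "oui check: $file looks like HTML, not a manuf file" >&2
        return 1
    fi
    n=$(grep -cE "$OUI_RE" "$file") || true
    if [ "${n:-0}" -lt "$min" ]; then
        echo "oui check: only ${n:-0} entries in $file, expected >= $min" >&2
        return 1
    fi
    return 0
}

# install_oui SRC DEST MIN: validate SRC, then swap it into place with a
# rename so a reader of DEST never sees a partially written file.
install_oui() {
    validate_oui "$1" "$3" || return 1
    tmp="$2.new.$$"
    cp "$1" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$2"
}

# Direct use: sh check_oui.sh DOWNLOADED_FILE /data/config/oui.txt [MIN]
# MIN defaults to 1000 entries, an assumed floor for a full vendor list.
if [ "$#" -ge 2 ]; then
    install_oui "$1" "$2" "${3:-1000}"
fi
```

Download to a scratch path first, run the script against it, and restart the arkime container only when it exits 0; a failed check leaves the existing oui.txt untouched.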