Comments (2)
Hello, please check out https://github.com/activecm/rita/blob/master/docs/Docker%20Usage.md
We recommend using docker compose in order to easily link together RITA and MongoDB.
You will first need a copy of the RITA configuration file. A copy can be found at https://raw.githubusercontent.com/activecm/rita/master/etc/rita.yaml
Next, edit that configuration file to ensure the internal subnets match your own. (See these lines) If you are using standard RFC1918 internal subnets, you may skip this step.
Then, grab a copy of the docker-compose file at https://raw.githubusercontent.com/activecm/rita/master/docker-compose.yml
Finally, run the following in the directory with the docker-compose.yml file:
```
export CONFIG=/path/to/your/rita/config.yaml
export LOGS=/path/to/pcap_to_log
docker compose run --rm rita import /logs dataset-name
```
That should kick off an import. From there, you can interrogate the data with commands like
```
docker compose run --rm rita show-beacons -H dataset-name
```
from rita.
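The subnet step in the comment above can be checked mechanically before an import. The following is an added example, not code from the RITA project or from the commenter: it reads the internal-subnet list out of a constructed config snippet and reports which host addresses no listed subnet covers. The `InternalSubnets` key name, the sample YAML layout and the host addresses are assumptions; compare them against your own copy of rita.yaml.

```python
import ipaddress
import re

# Constructed sample of the subnet section of a rita.yaml copy.
# Key name and layout are assumptions; check them against your own file.
SAMPLE_CONFIG = """\
Filtering:
    AlwaysInclude: []
    InternalSubnets:
        - 10.0.0.0/8          # RFC1918
        - 172.16.0.0/12       # RFC1918
        - 192.168.0.0/16      # RFC1918
    AlwaysIncludeDomain: []
"""


def internal_subnets(config_text, key="InternalSubnets"):
    """Return the CIDR networks listed under `key` in a YAML-style config."""
    nets, in_block = [], False
    for line in config_text.splitlines():
        stripped = line.split("#", 1)[0].strip()  # drop comments
        if not stripped:
            continue
        if stripped.startswith(key + ":"):
            in_block = True
            continue
        if in_block:
            item = re.match(r"-\s*(\S+)$", stripped)
            if not item:
                break  # the next key ends the list
            cidr = item.group(1).strip("'\"")
            nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def uncovered_hosts(config_text, hosts):
    """Return the hosts that no configured internal subnet contains."""
    nets = internal_subnets(config_text)
    missing = []
    for host in hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr.version == n.version and addr in n for n in nets):
            missing.append(host)
    return missing


if __name__ == "__main__":
    # Constructed host list: two RFC1918 addresses and one CGNAT address.
    hosts = ["10.20.30.40", "192.168.1.15", "100.64.3.7"]
    print("not covered:", uncovered_hosts(SAMPLE_CONFIG, hosts))
```

Any address reported as not covered means the subnet list needs editing before the import, since those hosts would otherwise be treated as external.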
This does not work on my Kubuntu installation, I get `Failed to connect to database: no reachable servers`:
```
docker compose run --rm rita import /logs hunt
[+] Running 10/10
✔ db 9 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 89.9s
✔ 41af1b5f0f51 Pull complete 20.8s
✔ 827435b23065 Pull complete 2.5s
✔ 0fcd25440a99 Pull complete 21.5s
✔ 470027a21f64 Pull complete 10.2s
✔ 56445177dcba Pull complete 11.8s
✔ 94c14c6528a6 Pull complete 12.9s
✔ 639a84cbfe37 Pull complete 14.1s
✔ 300a296c539e Pull complete 83.2s
✔ 5d03d7302312 Pull complete 19.5s
[+] Creating 2/2
✔ Volume "train_db" Created 0.0s
✔ Container train-db-1 Created 0.1s
[+] Running 1/1
✔ Container train-db-1 Started 0.7s
[+] Running 3/3
✔ rita 2 layers [⣿⣿] 0B/0B Pulled 7.7s
✔ 8f2b33455d22 Pull complete 1.1s
✔ dc3464d53a27 Pull complete 4.4s
Failed to connect to database: no reachable servers
```
I have Docker version 24.0.5, and I have followed all the steps you provided (fetching config file and docker-compose.yml, setting env vars with `export`). The default internal subnets should be fine for me.
I am using Ubuntu 23.04 (lunar) with kernel `6.2.0-33-generic` and got the same issue running it without docker with a local mongodb, but I assumed it would work out of the box with Docker when fetching the correct mongo image.
Any idea what goes wrong here?
from rita.