Device list not populated after ARP scan

[lordraiden]

Is there an existing issue for this?

• I have searched the existing open and closed issues and I checked the docs https://github.com/jokob-sk/NetAlertX/tree/main/docs

The issue occurs in the following browsers. Select at least 2.

• Firefox
• Chrome
• Edge
• Safari (unsupported) - PRs welcome
• N/A - This is an issue with the backend

Current Behavior

Arp scan finish correctly but devices aren't being populated

Expected Behavior

Device list not empty

After finishing the ARP scan it never creates the new devices

Steps To Reproduce

nginx log

2025/01/12 14:25:26 [crit] 106#106: *1 connect() to unix:/run/php/php8.3-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 10.10.40.10, server: , request: "GET /php/server/utilNotification.php?action=get_unread_notifications HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:25:33 [error] 105#105: *10 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/userNotifications.php"
2025/01/12 14:25:35 [error] 108#108: *11 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/report.php?guid=6b30c78e-aa64-47c0-969c-e2e5e62b1c08"
2025/01/12 14:25:38 [error] 108#108: *11 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:25:39 [error] 106#106: *12 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:25:41 [error] 106#106: *20 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/network.php"
2025/01/12 14:25:43 [warn] 106#106: *20 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/1/00/0000000001 while reading upstream, client: 10.10.40.10, server: , request: "GET /settings.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/network.php"
2025/01/12 14:25:43 [error] 106#106: *1 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/settings.php"
2025/01/12 14:25:46 [error] 106#106: *70 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"
2025/01/12 14:25:46 [warn] 106#106: *71 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/2/00/0000000002 while reading upstream, client: 10.10.40.10, server: , request: "POST /php/components/logs.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"
2025/01/12 14:26:09 [error] 106#106: *82 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/userNotifications.php"
2025/01/12 14:26:21 [error] 106#106: *82 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/userNotifications.php"
2025/01/12 14:26:21 [warn] 107#107: *116 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/3/00/0000000003 while reading upstream, client: 10.10.40.10, server: , request: "GET /php/server/query_json.php?file=table_settings.json&nocache=1736688382770 HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/userNotifications.php"
2025/01/12 14:26:26 [error] 107#107: *116 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/plugins.php"
2025/01/12 14:26:46 [error] 107#107: *116 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:27:17 [warn] 107#107: *239 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/4/00/0000000004 while reading upstream, client: 10.10.40.10, server: , request: "GET /php/server/query_json.php?file=table_settings.json&nocache=1736688439252 HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:27:30 [error] 107#107: *242 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/plugins.php"
2025/01/12 14:28:56 [error] 107#107: *242 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"
2025/01/12 14:28:57 [warn] 108#108: *399 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/5/00/0000000005 while reading upstream, client: 10.10.40.10, server: , request: "POST /php/components/logs.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"
2025/01/12 14:29:09 [error] 108#108: *409 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/settings.php"
2025/01/12 14:29:09 [warn] 108#108: *417 an upstream response is buffered to a temporary file /var/lib/nginx/tmp/fastcgi/6/00/0000000006 while reading upstream, client: 10.10.40.10, server: , request: "GET /settings.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock:", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"
2025/01/12 14:29:25 [error] 108#108: *467 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/devices.php"
2025/01/12 14:31:14 [error] 107#107: *597 open() "/app/front/.well-known/gpc.json" failed (2: No such file or directory), client: 10.10.40.10, server: , request: "GET /.well-known/gpc.json HTTP/1.1", host: "netalertx.anon.com", referrer: "https://netalertx.anon.com/maintenance.php"

app.conf

default only changed scan_subnets parameter

docker-compose.yml

netalertx:
    container_name: ${netalertx_name}
    image: jokobsk/netalertx:latest      
    network_mode: "host"
    <<: [*config, *dns, *sec]
    volumes:
      - ${dockerdir}/NetAlertX/config:/app/config
      - ${dockerdir}/NetAlertX/db:/app/db      
      # (optional) useful for debugging if you have issues setting up the container
      # - ${dockerdir}/NetAlertX/logs:/app/log
      # (API: OPTION 1) use for performance
      - type: tmpfs
        target: /app/api
      # (API: OPTION 2) use when debugging issues 
      # -  local_path/api:/app/api
    environment:
      - TZ     
      - PORT=20211
    labels:
      <<: *labels
      net.unraid.docker.icon: "https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/front/img/NetAlertX_logo.png"
      net.unraid.docker.webui: "https://${netalertx_name}.${mydomain}"
      homepage.group: Monitoring
      homepage.name: ${netalertx_name}
      homepage.icon: netalertx.png # https://github.com/walkxcode/dashboard-icons/tree/main/png https://gethomepage.dev/configs/services/#icons
      homepage.href: https://${netalertx_name}.${mydomain}
      homepage.description: Monitoring network service
      homepage.weight: 6
      homepage.showStats: false

What installation are you running?

Production (netalertx)

app.log

14:25:27 [Settings] ⚠ ERROR - JSONDecodeError or FileNotFoundError for file /app/api/table_settings.json
14:25:27 [MAIN] Setting up ...
14:25:27 [conf.tz] Setting up ...
14:25:27

14:25:27 The backend restarted (started). If this is unexpected check https://bit.ly/NetAlertX_debug for troubleshooting tips.
14:25:27

14:25:27 Permissions check (All should be True)
14:25:27 ------------------------------------------------
14:25:27 /config/app.conf | READ | True
14:25:27 /config/app.conf | WRITE | True
14:25:27 /db/app.db | READ | True
14:25:27 /db/app.db | WRITE | True
14:25:27 ------------------------------------------------
14:25:27 [Setup] Attempting to fix permissions.
14:25:27 [Setup] Attempting to fix permissions.
14:25:27 [Version check] Running the latest version.
14:25:27 [Database] Opening DB
14:25:27 [upgradeDB] Re-creating Settings table
14:25:27 [upgradeDB] Removing Pholus_Scan table
14:25:27 [upgradeDB] Re-creating Parameters table
14:25:28 [Config] reading config file
14:25:28 [Config] Plugins: Number of all plugins (including not loaded): 42
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Arp-Scan (Network scan)
14:25:28 [Plugin utils] description: This plugin is to execute an arp-scan on the local network
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: AVAHISCAN (Name discovery)
14:25:28 [Plugin utils] description: A plugin to discover device names via mDNS.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Internet-Check
14:25:28 [Plugin utils] description: A plugin to check your internet connectivity and IP.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: NSLOOKUP (Name discovery)
14:25:28 [Plugin utils] description: A plugin to discover device names.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Email publisher (SMTP)
14:25:28 [Plugin utils] description: A plugin to publish a notification via Email (SMTP) gateway.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: CSV backup
14:25:28 [Plugin utils] description: A plugin to auto-generate devices.csv backups.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Custom properties
14:25:28 [Plugin utils] description: Settings related to the custom properties functionality on a device.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: DB cleanup
14:25:28 [Plugin utils] description: A plugin to schedule database cleanup & upkeep tasks.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Maintenance
14:25:28 [Plugin utils] description: A plugin for maintenance tasks.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: New Devices
14:25:28 [Plugin utils] description: The template used for new devices.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Notification Processing
14:25:28 [Plugin utils] description: A plugin to for advanced notification processing.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Set password
14:25:28 [Plugin utils] description: A simple plugin to set the web ui password on app start.
14:25:28 [Plugin utils] ---------------------------------------------
14:25:28 [Plugin utils] display_name: Sync Hub
14:25:28 [Plugin utils] description: Plugin to synchronize multiple NetAlertX instances.
14:25:29 [Plugin utils] ---------------------------------------------
14:25:29 [Plugin utils] display_name: UI settings
14:25:29 [Plugin utils] description: Plugin to adjust UI settings.
14:25:29 [Plugin utils] ---------------------------------------------
14:25:29 [Plugin utils] display_name: Vendor update
14:25:29 [Plugin utils] description: A plugin to schedule vendor database updates for mac based vendor resolution.
14:25:29 [Plugin utils] ---------------------------------------------
14:25:29 [Plugin utils] display_name: Workflows
14:25:29 [Plugin utils] description: A plugin to adjust behavior of workflows.
14:25:29 [Config] ⛔ Unloading WEBMON
14:25:29 [Config] ⛔ Unloading UNDIS
14:25:29 [Config] ⛔ Unloading INTRSPD
14:25:29 [Config] ⛔ Unloading DDNS
14:25:29 [Config] ⛔ Unloading WEBHOOK
14:25:29 [Config] ⛔ Unloading TELEGRAM
14:25:29 [Config] ⛔ Unloading PUSHSAFER
14:25:29 [Config] ⛔ Unloading PUSHOVER
14:25:29 [Config] ⛔ Unloading NTFY
14:25:29 [Config] ⛔ Unloading MQTT
14:25:29 [Config] ⛔ Unloading APPRISE
14:25:29 [Config] ⛔ Unloading NMAP
14:25:29 [Config] ⛔ Unloading ICMP
14:25:29 [Config] ⛔ Unloading NMAPDEV
14:25:29 [Config] ⛔ Unloading NBTSCAN
14:25:29 [Config] ⛔ Unloading DHCPSRVS
14:25:29 [Config] ⛔ Unloading DHCPLSS
14:25:29 [Config] ⛔ Unloading PIHOLE
14:25:29 [Config] ⛔ Unloading UNFIMP
14:25:29 [Config] ⛔ Unloading SNMPDSC
14:25:29 [Config] ⛔ Unloading MTSCAN
14:25:29 [Config] ⛔ Unloading LUCIRPC
14:25:29 [Config] ⛔ Unloading WOL
14:25:29 [Config] ⛔ Unloading OMDSDN
14:25:29 [Config] ⛔ Unloading IPNEIGH
14:25:29 [Config] ⛔ Unloading FREEBOX
14:25:29 [Config] Number of Plugins to load: 16
14:25:29 [Config] Plugins to load: ['ARPSCAN', 'AVAHISCAN', 'INTRNT', 'NSLOOKUP', 'SMTP', 'CSVBCKP', 'CUSTPROP', 'DBCLNP', 'MAINT', 'NEWDEV', 'NTFPRCS', 'SETPWD', 'SYNC', 'UI', 'VNDRPDT', 'WORKFLOWS']
14:25:29 [Config] App upgraded 🚀
14:25:29 [graphql_server] Starting on port: 20212
14:25:29 [Config] Imported new settings config
14:25:29 [Scheduler] run for ARPSCAN: NO
14:25:29 [Scheduler] run for INTRNT: NO
14:25:29 [Scheduler] run for CSVBCKP: NO
14:25:29 [Scheduler] run for DBCLNP: NO
14:25:29 [Scheduler] run for MAINT: NO
14:25:29 [Scheduler] run for VNDRPDT: NO
14:25:29 [Plugin utils] ---------------------------------------------
14:25:29 [Plugin utils] display_name: AVAHISCAN (Name discovery)
14:25:29 [Plugins] Executing: python3 /app/front/plugins/avahi_scan/avahi_scan.py
14:25:30 [Plugins] Output: [plugin_helper] reading config file
14:25:30 [AVAHISCAN] In script
14:25:30 [Database] Opening DB
14:25:30 [AVAHISCAN] Unknown devices count: 0
14:25:30 [AVAHISCAN] Script finished

14:25:30 [Plugins] Processed and deleted file: /app/log/plugins/last_result.AVAHISCAN.log
14:25:30 [Plugins] No output received from the plugin "AVAHISCAN"
14:25:30 [Plugin utils] ---------------------------------------------
14:25:30 [Plugin utils] display_name: NSLOOKUP (Name discovery)
14:25:30 [Plugins] Executing: python3 /app/front/plugins/nslookup_scan/nslookup.py
14:25:30 [Plugins] Output: [plugin_helper] reading config file
14:25:30 [NSLOOKUP] In script
14:25:30 [Database] Opening DB
14:25:30 [NSLOOKUP] Unknown devices count: 0
14:25:30 [NSLOOKUP] Script finished

14:25:30 [Plugins] Processed and deleted file: /app/log/plugins/last_result.NSLOOKUP.log
14:25:30 [Plugins] No output received from the plugin "NSLOOKUP"
14:25:30 [Notification] Check if something to report
14:25:30 [Notification] Included sections: ['new_devices', 'down_devices', 'events']
14:25:30 [Notification] Open text Template
14:25:30 [Notification] Open html Template
14:25:30 [Notification] Using template/app/front/report_templates/report_template.html
14:25:30 [Notification] New Devices sections done.
14:25:30 [Notification] Down Devices sections done.
14:25:30 [Notification] Reconnected Down Devices sections done.
14:25:30 [Notification] Events sections done.
14:25:30 [Notification] Plugins sections done.
14:25:30 [Send API] Updating notification_* files in /app/api/
14:25:30 [Notification] Udating API files
14:25:30 [Notification] Notifications changes: 18
14:25:30 [MAIN] Process: Idle

14:29:25 [graphql_schema] Applying status filter: my_devices
14:29:25 [graphql_schema] allowed_statuses: ['online', 'offline', 'archived', 'new', 'down']
14:29:30 [Plugins] Output: [plugin_helper] reading config file
14:29:19 [ARP Scan] In script
14:29:19 [ARPSCAN] userSubnetsParam: 10.10.10.0/24 --interface=eth0
14:29:19 [Database] Opening DB
14:29:30 [ARPSCAN] arpscan_output: Interface: eth0, type: EN10MB, MAC: 04:d4:c4:4b:30:66, IPv4: 10.10.10.10
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)

ANONYMIZED

19 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 11.095 seconds (23.07 hosts/sec). 17 responded

14:29:30 [ARPSCAN] Found: Devices without duplicates 17
14:29:30 [ARPSCAN] Devices List len:17

ANONYMIZED

14:29:30 [Plugins] Processed and deleted file: /app/log/plugins/last_result.ARPSCAN.log
14:29:30 [Plugins] SUCCESS, received 17 entries
14:29:30 [2025-01-12 14:29:30+01:00] END Run: ARPSCAN
14:29:30 [ExecutionLog] Processed event: run
14:29:30 [check_and_run_user_event] INFO: Executed events: run with param ARPSCAN
14:29:35 [Scheduler] run for ARPSCAN: NO
14:29:35 [Scheduler] run for INTRNT: NO
14:29:35 [Scheduler] run for CSVBCKP: NO
14:29:35 [Scheduler] run for DBCLNP: NO
14:29:35 [Scheduler] run for MAINT: NO
14:29:35 [Scheduler] run for VNDRPDT: NO
14:29:35 [Process Scan] Exclude ignored devices
14:29:35 [Process Scan] Processing scan results
14:29:35 [Process Scan] Print Stats
14:29:35 [Scan Stats] Devices Detected.......: 18
14:29:35 [Scan Stats] New Devices............: 18
14:29:35 [Scan Stats] Down Alerts............: 1
14:29:35 [Scan Stats] New Down Alerts........: 1
14:29:35 [Scan Stats] New Connections........: 0
14:29:35 [Scan Stats] Disconnections.........: 1
14:29:35 [Scan Stats] IP Changes.............: 0
14:29:35 [Scan Stats] Scan Method Statistics:
14:29:35 ARPSCAN: 17
14:29:35 local_MAC: 1
14:29:35 [Process Scan] Stats end
14:29:35 [Process Scan] Sessions Events (connect / disconnect)
14:29:35 [Process Scan] Creating new devices

Debug enabled

• I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.

[jokob-sk]

Hi @lordraiden ,

Thanks for the report.

I'm not getting this error so I assume this can be related to a reverse proxy setup or similar. ChatGPT also suggested it may be caused by a privacy browser addon, so maybe test a different browser?

Still, I added a gpc.json file in the location from the error, but unsure if the format is correct.

It would be great if you could test this. Can you please switch to the netalertx-dev docker image (backup everything at first or, ideally spin up a separate container with a separate db and config), in about 15 minutes (or after the last action finishes) from now?

Make sure you refresh your browser cache - and click the 🔄 refresh button in the top right corner.

Thanks in advance,
j

[jokob-sk]

Oh also, please make sure your SCAN_SUBNETS is configured correctly:

https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md

[lordraiden]

It looks like the IPS is blocking some requests related with SQL injection that are related with the container and the reverse proxy, a false positive. I have still to doble check everything and whitelist to see if it works

2025-01-12 22:26:22IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="10" fw_rule_id="38" fw_rule_name="Webserver(40) to HA(10)" fw_rule_section="Local rule" user="" sig_id="13990" message="SQL union select - possible sql injection attempt - GET parameter" classification="Misc Attack" rule_priority="1" src_ip="10.10.40.10" src_country="R1" dst_ip="10.10.10.10" dst_country="R1" protocol="TCP" src_port="49954" dst_port="20211" OS="BSD,Linux,Mac,Other,Solaris,Unix,Windows" category="sql" victim="Server" Copiar al portapapeles

40.10 is traefik 10.10 is the host where NetAlertX is running

[jokob-sk]

@lordraiden thanks for the update.

The UI generates a few SQL queries and since NAX is setup as a framework, it's expected. If you worry about this enable the login feature. I treat everyone accessing the UI (after logging in) as a safe actor.

please make sure your SCAN_SUBNETS is configured correctly if your devices still don't show up:

https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md