Pi.Alert using increasing number of arp-scan processes simultaneously #232

Open
whitershadeofpale opened this issue Jul 5, 2023 · 3 comments

Comments

@whitershadeofpale

I have installed Pi.Alert using the default one step installer, on a Debian 11 VM to scan a B-class network. No containers.

As soon as the VM boots up, ps aux | grep arp-scan shows two processes of arp-scan, one with sudo, one without:

root 867 0.0 0.2 10656 5044 ? S 12:24 0:00 sudo arp-scan --ignoredups --retry=9 --localnet
root 868 0.9 0.4 12532 8108 ? S 12:24 0:00 arp-scan --ignoredups --retry=9 --localnet

But after some time (probably a minute), two more processes are started, with --retry=16. This results in an increased amount of ARP traffic in the network over time.

I have tried to edit cron jobs and left only one line for pialert.py scan, with a 3 hour period only. And modified pialert.py to set

cycle_interval = 90
arpscan_retries = 1

manually, without using values from the DB. But this did not stop the new processes spawning, just kept their number below 6, for some reason.

The Devices page is populated with discovered IPs, and nothing looks wrong, as far as I can tell.

How can I strictly keep arp scans under control? Like one single process every 3 hours or so? Why does it start two processes, one with sudo, the other without?

@leiweibau

Shameless self-promotion ;-)

I addressed the issue in my fork over a year ago (leiweibau/Pi.Alert@feb3eab).
Since then, I have made further diverse adjustments of various kinds.

@whitershadeofpale
Author

Hi and thanks for replying.

Yeah, I found your fork just after having this issue. And in fact, I've been considering writing to your GitHub page. Can I upgrade my installation to your version, by the one step updater you have provided:

curl -sSL https://github.com/leiweibau/Pi.Alert/raw/main/install/pialert_update.sh | bash

I have given names to endpoints, locations etc. and I don't want to lose them.

Besides, I'm trying to understand all the logic behind it. The vendors file cannot be updated, I'm getting "Zero-sized response from from.." errors from the update_vendors.sh file (there are multiple ieee-data file locations: /usr/lib/ieee-data, /var/lib/ieee-data, /usr/share/ieee-data, one of them missing, another one symlinked), multiple arp-scan processes, etc. I don't understand the Scan Cycle logic (Scan 12 min every 15 min?). Is there any detailed information on your side? I've read one of your replies which mentions the bulk-editor, which would be great.

@leiweibau

leiweibau commented Jul 6, 2023

> Can I upgrade my installation to your version, by the one step updater you have provided

No. This update script is only recommended for an already existing installation of this fork. If you are using another fork, I recommend uninstalling it first. If you back up the database, it may be possible to continue using it with my fork after a patch (pialert-cli). After restoring your DB keep this in mind:

Check in the Pi.Alert directory if the database folder (db) has been assigned the correct permissions:
drwxrwx--- 2 (your username) www-data
If the permission is not correct, you can set it again with the following commands in the terminal or the console:
sudo chgrp -R www-data ~/pialert/db
sudo chown [Username]:www-data ~/pialert/db/pialert.db
chmod -R 770 ~/pialert/db
You can also perform these steps using ./pialert-cli set_permissions in the directory ~/pialert/back. If the database remains read-only afterwards, try reinstalling or restoring a database backup through the maintenance page. Please make sure to check and adjust the permissions accordingly.

> Vendors file cannot be updated

Yes, it's been a known problem with the main project for some time (#203, #164, #150, ...). But since this is no longer maintained, no one corrects it. However, it may possibly be due to a possibly active DNS ad blocker.

> I don't understand the Scan Cycle logic

The ScanCycle logic is a bit more complex, but no longer relevant in my fork, since I only use one ScanCycle (ScanCycle 1) every 5 min.

> I've read one of your replies which mentions the bulk-editor, which would be great.

You can read about it here https://github.com/leiweibau/Pi.Alert/blob/main/docs/BULKEDITOR.md
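
The permission check described in the comment above (db folder at drwxrwx---, group www-data, nothing readable by other users), written as an added example that is not part of the thread or of the Pi.Alert code. The function name audit_db_perms is hypothetical, and the script assumes GNU stat and find, as shipped on the Debian system the thread discusses.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Pi.Alert code).
# Audits a restored database folder against the layout quoted in the thread:
#   - the folder itself has mode 770 (drwxrwx---)
#   - every entry inside belongs to the expected group (default: www-data)
#   - no entry grants any permission to "other" users
# Usage:   audit_db_perms ~/pialert/db            (group defaults to www-data)
# Returns: 0 compliant, 1 findings printed, 2 folder missing.
audit_db_perms() {
    dir=$1
    want_group=${2:-www-data}

    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    findings=$(
        # The folder itself must be exactly rwxrwx---.
        top_mode=$(stat -c '%a' "$dir")
        [ "$top_mode" = "770" ] || echo "mode $top_mode on $dir (expected 770)"

        # Walk the folder and everything below it: octal mode, group, path.
        find "$dir" -exec stat -c '%a %G %n' {} + |
        while read -r mode group name; do
            # The last octal digit holds the bits for "other"; it must be 0.
            case $mode in
                *0) ;;
                *)  echo "accessible to other users ($mode): $name" ;;
            esac
            [ "$group" = "$want_group" ] ||
                echo "group $group (expected $want_group): $name"
        done
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A non-zero result after restoring a backup points at the entries to correct with the chgrp, chown and chmod commands quoted above.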
