Event log import error

[etmouse]

hi,when i import my event log ,i got these errors.but the sample Securyty.evtx is good,why?

$ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p passwrod -s 192.168.1.69
[] Script start. 2018/06/11 09:03:54
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 14480.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./security.evtx.
[] Now loading 14400 records.
[] Load finished.
[] Total Event log is 14480.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
Traceback (most recent call last):
File "logontracer.py", line 803, in
main()
File "logontracer.py", line 792, in main
parse_evtx(args.evtx, GRAPH)
File "logontracer.py", line 745, in parse_evtx
tx.process()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1050, in process
self._post()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1293, in _post
self._sync()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1282, in _sync
connection.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
self.channel.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
self.socket.sendall(data)
ConnectionResetError: [Errno 104] Connection reset by peer

[shu-tom]

Your neo4j server may have timeout. I changed to connect to neo4j server just before uploading data. Please try the fixed version.

[etmouse]

after update,the problem is still there

$ sudo git pull
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (1/1), done.
remote: Total 3 (delta 2), reused 3 (delta 2), pack-reused 0
Unpacking objects: 100% (3/3), done.
From https://github.com/JPCERTCC/LogonTracer
72278fb..5a2eb5d master -> origin/master
Updating 72278fb..5a2eb5d
Fast-forward
logontracer.py | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
$ sudo python3 logontracer.py --delete -e ./security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
[] Script start. 2018/06/11 14:38:48
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 14480.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./security.evtx.
[] Now loading 14400 records.
[] Load finished.
[] Total Event log is 14480.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
Traceback (most recent call last):
File "logontracer.py", line 810, in
main()
File "logontracer.py", line 799, in main
parse_evtx(args.evtx)
File "logontracer.py", line 752, in parse_evtx
tx.process()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1050, in process
self._post()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1293, in _post
self._sync()
File "/usr/local/lib/python3.6/dist-packages/py2neo/database/init.py", line 1282, in _sync
connection.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 310, in send
self.channel.send()
File "/usr/local/lib/python3.6/dist-packages/py2neo/packages/neo4j/v1/bolt.py", line 141, in send
self.socket.sendall(data)
ConnectionResetError: [Errno 104] Connection reset by peer

but the sample security log file can be imported.

$ sudo python3 logontracer.py --delete -e ./sample/Security.evtx -z +8 -u neo4j -p password -s 192.168.1.69
[] Script start. 2018/06/12 03:40:00
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 8.
[] Last record number is 62031.
[] Start parsing the EVTX file.
[] Parse the EVTX file ./sample/Security.evtx.
[] Now loading 62000 records.
[] Load finished.
[] Total Event log is 62031.
[] Calculate PageRank.
[] Calculate ChangeFinder.
[] Creating a graph data.
[] Creation of a graph data finished.
[] Script end. 2018/06/12 03:47:08

[shu-tom]

Can you share the event log to me in order to resolve this issue?
If you can share it please send to logontracer.help (at) gmail.com

[redkris]

these problem also happened to me cam you share how to fix this also ? this tool is so promising if user can operate "user friendly"

[wadeiam]

Same issue:
Error: Upload Failed!
Clicking the "Log" button shows this:
Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

[netlol]

I run Logontracer under k8s, and it show "Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application." I don't yet import logs, just press log button.