Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hmm.py divide by zero encountered while uploading evtx/xml file #37

Open
LaBonave opened this issue Oct 5, 2018 · 8 comments
Open

hmm.py divide by zero encountered while uploading evtx/xml file #37

LaBonave opened this issue Oct 5, 2018 · 8 comments

Comments

@LaBonave
Copy link

LaBonave commented Oct 5, 2018

Hi,
I'm getting this error while parsing small, big, evtx or xml files from my personal workstation
Same error by GUI or by CLI :

python3 logontracer.py --delete -x ../xxxx.xml -z +2 -u neo4j -p neo5j -s localhost
[] Script start. 2018/10/05 15:46:14
[] Delete all nodes and relationships from this Neo4j database.
[] Time zone is 2.
[] Last record number is 208.
[] Start parsing the EVTX file.
[] Parse the EVTX file ../xxxxx.xml.
[] Now loading 200 records.
[] Load finished.
[] Total Event log is 208.
[] Calculate ChangeFinder.
[] Calculate Hidden Markov Model.
/usr/local/lib/python3.6/dist-packages/hmmlearn/hmm.py:405: RuntimeWarning: divide by zero encountered in log
return np.log(self.emissionprob_)[:, np.concatenate(X)].T
[] Calculate PageRank.
[] Creating a graph data.
[] Creation of a graph data finished.
[*] Script end. 2018/10/05 15:46:14

All dependencies and code were freshly installed today.
@shu-tom
Copy link
Member

shu-tom commented Oct 6, 2018

This is a known warning message does not affect the operation of LogonTracer.

@LaBonave
Copy link
Author

LaBonave commented Oct 9, 2018

Hi, thanks.
It seems, when uploading large event log (multiple thousands of logs) that this error ends the parsing :

[] Now loading 200 records. [] Now loading 300 records./usr/local/lib/python3.6/dist-packages**/hmmlearn/hmm.py:405: RuntimeWarning: divide by zero encountered in log return np.log(self.emissionprob_)[:, np.concatenate(X)].**T [] Load finished [] Total Event log is 305. [] Calculate ChangeFinder. [] Calculate Hidden Markov Model. [] Calculate PageRank. [] Creating a graph data. [] Creation of a graph data finished. [] Script end. 2018/10/05 17:50:45

We can have the visualisation in LogonTracer, but it only shows the 305 first records, in that case.

@shu-tom
Copy link
Member

shu-tom commented Oct 9, 2018

In this message, the number of records in the log is written as 305, is it more?
Is the log broken?

@LaBonave
Copy link
Author

The log contained much more events, and was generated by the standard Event Viewer with a custom view for 7 days. It contains roughly 1.5 million events of the IDs recognized by Logon Tracer (4624, 4625, 4768,4769,4776,4672).

@shu-tom
Copy link
Member

shu-tom commented Oct 10, 2018

Can you share the event log to me in order to resolve this issue?
If you can share it please send to logontracer.help (at) gmail.com

@sbmandava
Copy link

Got the same exact error. Is it still a known warning issue.

/usr/local/lib/python3.5/dist-packages/hmmlearn/hmm.py:412: RuntimeWarning: divide by zero encountered in log return np.log(self.emissionprob_)[:, np.concatenate(X)].T.

Starting : [*] Last record number is 510267.

[] Load finished.
[] Total Event log is 510376.
[*] Calculate ChangeFinder.
...

@shu-tom
Copy link
Member

shu-tom commented Mar 13, 2019

If you can share it please send to logontracer.help (at) gmail.com

@lowkeygit
Copy link

I also have this problem...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@LaBonave @sbmandava @shu-tom @lowkeygit