What installation are you running?
Production (netalertx) 📦
Is there an existing issue for this?
The issue occurs in the following browsers. Select at least 2.
Current Behavior
The past 6th of April Netalertx updated. Since then, it seem to have a memory Leak. I'm running it in a Synology NAS DS720+, via portainer stack.
Expected Behavior
NOT having a memory leak
Steps To Reproduce
No response
Relevant app.conf settings
docker-compose.yml
Debug or Trace enabled
Relevant app.log section
PASTE LOG HERE. Using the triple backticks preserves format.
Docker Logs
--> first run config.sh
--> first run db.sh
--> mandatory folders.sh
* Creating DB locked log.
* Creating Execution queue log.
--> apply conf override.sh
--> override individual settings.sh
--> host optimization.sh
--> writable config.sh
--> nginx config.sh
--> expected user id match.sh
--> host mode network.sh
--> excessive capabilities.sh
══════════════════════════════════════════════════════════════════════════════
⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fb).
Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are
required in this container. Please remove unnecessary capabilities.
https://docs.netalertx.com/docker-troubleshooting/excessive-capabilities
══════════════════════════════════════════════════════════════════════════════
--> appliance integrity.sh
--> ports available.sh
Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log)
Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 &
Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" &
Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2)
Successfully updated IEEE OUI database (113689 entries)
| \ | | | | / _ | | | | \ \ / /
| | | | |/ /\ \ | ___ _ _| | \ V /
| . |/ _ \ __| _ | |/ _ \ __| __|/
| |\ | __/ || | | | | / | | |_/ /^\
_| _/_|__| |/|___|| __/ /
Network intruder and presence detector.
https://netalertx.com
Startup pre-checks
--> data migration.sh
--> capabilities audit.sh
══════════════════════════════════════════════════════════════════════════════
🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing.
The Python binary in this image has file capabilities (+eip) that
require these bits in the container's bounding set. Without them,
the binary will fail to execute (Operation not permitted).
Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN
══════════════════════════════════════════════════════════════════════════════
══════════════════════════════════════════════════════════════════════════════
⚠️ WARNING: Reduced functionality (NET_BIND_SERVICE missing).
Tools like nbtscan cannot bind to privileged ports (UDP 137).
This will reduce discovery accuracy for legacy devices.
Consider adding: --cap-add=NET_BIND_SERVICE
══════════════════════════════════════════════════════════════════════════════
Security context: Operational capabilities (CHOWN SETGID SETUID) not granted.
See https://docs.netalertx.com/docker-troubleshooting/missing-capabilities
--> mounts.py
Path | R | W | Mount | RAMDisk | Performance | DataLoss
--------------------------+---+---+-------+---------+-------------+----------
/data | ✅| ✅| ✅ | ➖ | ➖ | ✅
/data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅
/data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅
/tmp/run/tmp | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/api | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/log | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/run | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/nginx/active-config | ✅| ✅| ✅ | ✅ | ✅ | ✅
--> first run config.sh
--> first run db.sh
--> mandatory folders.sh
* Creating DB locked log.
* Creating Execution queue log.
--> apply conf override.sh
--> override individual settings.sh
--> host optimization.sh
--> writable config.sh
--> nginx config.sh
--> expected user id match.sh
--> host mode network.sh
--> excessive capabilities.sh
══════════════════════════════════════════════════════════════════════════════
⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fb).
Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are
required in this container. Please remove unnecessary capabilities.
https://docs.netalertx.com/docker-troubleshooting/excessive-capabilities
══════════════════════════════════════════════════════════════════════════════
--> appliance integrity.sh
--> ports available.sh
Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log)
Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 &
Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" &
Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2)
Successfully updated IEEE OUI database (113807 entries)
What installation are you running?
Production (netalertx) 📦
Is there an existing issue for this?
The issue occurs in the following browsers. Select at least 2.
Current Behavior
The past 6th of April Netalertx updated. Since then, it seem to have a memory Leak. I'm running it in a Synology NAS DS720+, via portainer stack.
Expected Behavior
NOT having a memory leak
Steps To Reproduce
No response
Relevant
app.confsettingsdocker-compose.yml
Debug or Trace enabled
Relevant
app.logsectionDocker Logs
--> first run config.sh
⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fb).
--> first run db.sh
--> mandatory folders.sh
* Creating DB locked log.
* Creating Execution queue log.
--> apply conf override.sh
--> override individual settings.sh
--> host optimization.sh
--> writable config.sh
--> nginx config.sh
--> expected user id match.sh
--> host mode network.sh
--> excessive capabilities.sh
══════════════════════════════════════════════════════════════════════════════
Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are
required in this container. Please remove unnecessary capabilities.
https://docs.netalertx.com/docker-troubleshooting/excessive-capabilities
══════════════════════════════════════════════════════════════════════════════
--> appliance integrity.sh
--> ports available.sh
Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log)
Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 &
Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" &
Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2)
Successfully updated IEEE OUI database (113689 entries)
| \ | | | | / _ | | | | \ \ / /
⚠️ WARNING: Reduced functionality (NET_BIND_SERVICE missing).
⚠️ Warning: Excessive capabilities detected (bounding caps: 0x00000000a80435fb).
| | | | |/ /\ \ | ___ _ _| | \ V /
| . |/ _ \ __| _ | |/ _ \ __| __|/
| |\ | __/ || | | | | / | | |_/ /^\
_| _/_|__| |/|___|| __/ /
Network intruder and presence detector.
https://netalertx.com
Startup pre-checks
--> data migration.sh
--> capabilities audit.sh
══════════════════════════════════════════════════════════════════════════════
🚨 ALERT: Python execution capabilities (NET_RAW/NET_ADMIN) are missing.
The Python binary in this image has file capabilities (+eip) that
require these bits in the container's bounding set. Without them,
the binary will fail to execute (Operation not permitted).
Restart with: --cap-add=NET_RAW --cap-add=NET_ADMIN
══════════════════════════════════════════════════════════════════════════════
══════════════════════════════════════════════════════════════════════════════
Tools like nbtscan cannot bind to privileged ports (UDP 137).
This will reduce discovery accuracy for legacy devices.
Consider adding: --cap-add=NET_BIND_SERVICE
══════════════════════════════════════════════════════════════════════════════
Security context: Operational capabilities (CHOWN SETGID SETUID) not granted.
See https://docs.netalertx.com/docker-troubleshooting/missing-capabilities
--> mounts.py
Path | R | W | Mount | RAMDisk | Performance | DataLoss
--------------------------+---+---+-------+---------+-------------+----------
/data | ✅| ✅| ✅ | ➖ | ➖ | ✅
/data/db | ✅| ✅| ✅ | ➖ | ➖ | ✅
/data/config | ✅| ✅| ✅ | ➖ | ➖ | ✅
/tmp/run/tmp | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/api | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/log | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/run | ✅| ✅| ✅ | ✅ | ✅ | ✅
/tmp/nginx/active-config | ✅| ✅| ✅ | ✅ | ✅ | ✅
--> first run config.sh
--> first run db.sh
--> mandatory folders.sh
* Creating DB locked log.
* Creating Execution queue log.
--> apply conf override.sh
--> override individual settings.sh
--> host optimization.sh
--> writable config.sh
--> nginx config.sh
--> expected user id match.sh
--> host mode network.sh
--> excessive capabilities.sh
══════════════════════════════════════════════════════════════════════════════
Only CHOWN, SETGID, SETUID, NET_ADMIN, NET_BIND_SERVICE, and NET_RAW are
required in this container. Please remove unnecessary capabilities.
https://docs.netalertx.com/docker-troubleshooting/excessive-capabilities
══════════════════════════════════════════════════════════════════════════════
--> appliance integrity.sh
--> ports available.sh
Starting /usr/sbin/php-fpm83 -y "/services/config/php/php-fpm.conf" -F (tee stderr to app.php_errors.log)
Starting supercronic --quiet "/services/config/cron/crontab" >>"/tmp/log/cron.log" 2>&1 &
Starting /usr/sbin/nginx -p "/tmp/run/" -c "/tmp/nginx/active-config/nginx.conf" -g "error_log stderr; error_log /tmp/log/nginx-error.log; daemon off;" &
Starting python3 -m server > /tmp/log/stdout.log 2> >(tee /tmp/log/stderr.log >&2)
Successfully updated IEEE OUI database (113807 entries)