Same Pi.Alert Report mail on every scheduled nmap scan #199

Closed
AleksCee opened this issue Mar 18, 2023 · 9 comments
Labels
bug 🐛 Something isn't working next release/in dev image🚀 This is coming in the next release or was already released if the issue is Closed.

Comments

@AleksCee

Describe the issue
I have configured a scheduled scan with report mail for port changes and new devices. But the mail seems to report the same devices and ports as new every night. Under the nmap device tab there are also none of these found ports; I think at this place I should see the last result of the scheduled scan, right?

Paste last few lines from pialert.log

This is the log at the scheduled time for the first 4 devices. I promise the ports of my router and NAS are not changed every day, but they are reported at every scan.


grep '2023-03-18 02' pialert.log
[2023-03-18 02:01:03] Process: Start
[2023-03-18 02:01:04] Scan: Nmap for max 150s (2.5min) per device
[2023-03-18 02:01:36] Scan: Nmap SUCCESS for 77.23.51.25 (1/55)
[2023-03-18 02:01:36] Scan: Ports found by NMAP: 4
[2023-03-18 02:01:36] Scan: Nmap new or changed ports: 4
[2023-03-18 02:01:36] Scan: Nmap old entries:          192
[2023-03-18 02:01:40] Scan: Nmap SUCCESS for 192.168.1.77 (2/55)
[2023-03-18 02:01:40] Scan: Ports found by NMAP: 62
[2023-03-18 02:01:40] Scan: Nmap new or changed ports: 62
[2023-03-18 02:01:40] Scan: Nmap old entries:          196
[2023-03-18 02:02:18] Scan: Nmap SUCCESS for 192.168.1.1 (3/55)
[2023-03-18 02:02:18] Scan: Ports found by NMAP: 12
[2023-03-18 02:02:18] Scan: Nmap new or changed ports: 12
[2023-03-18 02:02:18] Scan: Nmap old entries:          258
[2023-03-18 02:02:24] Scan: Nmap SUCCESS for 192.168.1.7 (4/55)

Paste your pialert.conf (remove personal info)

I hope the nmap config is OK? If more is needed, please reply.


grep -i nmap pialert.conf
# Nmap
NMAP_ACTIVE=True
NMAP_TIMEOUT=150
NMAP_RUN='schedule'
NMAP_RUN_SCHD='0 2 * * *'
NMAP_ARGS='-p -10000'
# NMAPSRV
NMAPSRV_RUN='on_new_device'
NMAPSRV_CMD='SELECT  dv.dev_Name as Object_PrimaryID, cast({s-quote}http://{s-quote} || dv.dev_LastIP as VARCHAR(100)) || {s-quote}:{s-quote} || cast( SUBSTR(ns.Port ,0, INSTR(ns.Port , {s-quote}/{s-quote})) as VARCHAR(100)) as Object_SecondaryID,  datetime() as DateTime,  ns.Service as Watched_Value1,        ns.State as Watched_Value2,        {s-quote}null{s-quote} as Watched_Value3,        {s-quote}null{s-quote} as Watched_Value4,        ns.Extra as Extra, dv.dev_MAC as ForeignKey        FROM (SELECT * FROM Nmap_Scan) ns LEFT JOIN (SELECT dev_Name, dev_MAC, dev_LastIP FROM Devices) dv   ON ns.MAC = dv.dev_MAC'
NMAPSRV_RUN_SCHD='0 2 * * *'
NMAPSRV_WATCH=['Watched_Value1','Watched_Value2']
NMAPSRV_REPORT_ON=['new','watched-changed']

Paste your docker-compose.yml and .env (remove personal info)
No compose
docker-compose.yml


docker run -d --network=host --restart=unless-stopped \
  -v /volume1/docker/pialert/config:/home/pi/pialert/config \
  -v /volume1/docker/pialert/db:/home/pi/pialert/db \
  -e TZ=Europe/Berlin \
  -e PORT=20211 \
  -e HOST_USER_ID=1024 \
  -e HOST_USER_GID=100 \
  --name pialert \
  jokobsk/pi.alert:latest


@jokob-sk
Owner

Hi @AleksCee !

Can you confirm the container is not restarting? E.g. check if pialert.log contains multiple startup sequences such as:

 Permissions check (All should be True)
------------------------------------------------
  /config/pialert.conf |  READ  | True
  /config/pialert.conf |  WRITE | True
  /db/pialert.db       |  READ  | True
  /db/pialert.db       |  WRITE | True
------------------------------------------------

Past notifications are only cleared if all notifications are successfully sent. If any of the notification services fail and the container restarts, the app will try to re-send past notifications again so no data is lost.

j

@jokob-sk jokob-sk added the Waiting for reply⏳ Waiting for the original poster to respond, or discussion in progress. label Mar 19, 2023
@AleksCee
Author

Hello @jokob-sk

For me it's all as you have defined:
8 days up and permissions OK

admin@nas:~$ docker ps |grep pialert
7a6a42c02086   jokobsk/pi.alert:latest                         "tini -- /home/pi/pi…"   8 days ago      Up 8 days                                                                                                               pialert
admin@nas:~$ docker exec -it pialert /bin/bash
root@nas:/# cd /home/pi/pialert/front/log/
root@nas:/home/pi/pialert/front/log# grep -A 6 'Permissions check' pialert.log 
 Permissions check (All should be True)
------------------------------------------------
  /config/pialert.conf |  READ  | True
  /config/pialert.conf |  WRITE | True
  /db/pialert.db       |  READ  | True
  /db/pialert.db       |  WRITE | True
------------------------------------------------
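
A log check for the symptom discussed in this thread, as an added example that is not part of the issue or of Pi.Alert's code: it counts startup sequences (the restart check suggested above) and lists hosts whose every scheduled scan reported all found ports as new or changed. The sample log is constructed in the format of the excerpts quoted here, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the pialert.log excerpts quoted in this thread.
SAMPLE_LOG = """\
 Permissions check (All should be True)
[2023-03-17 02:01:36] Scan: Nmap SUCCESS for 192.168.1.1 (1/2)
[2023-03-17 02:01:36] Scan: Ports found by NMAP: 12
[2023-03-17 02:01:36] Scan: Nmap new or changed ports: 12
[2023-03-17 02:01:40] Scan: Nmap SUCCESS for 192.168.1.7 (2/2)
[2023-03-17 02:01:40] Scan: Ports found by NMAP: 3
[2023-03-17 02:01:40] Scan: Nmap new or changed ports: 3
[2023-03-18 02:01:36] Scan: Nmap SUCCESS for 192.168.1.1 (1/3)
[2023-03-18 02:01:36] Scan: Ports found by NMAP: 12
[2023-03-18 02:01:36] Scan: Nmap new or changed ports: 12
[2023-03-18 02:01:40] Scan: Nmap SUCCESS for 192.168.1.7 (2/3)
[2023-03-18 02:01:40] Scan: Ports found by NMAP: 3
[2023-03-18 02:01:40] Scan: Nmap new or changed ports: 0
[2023-03-18 02:01:44] Scan: Nmap SUCCESS for 192.168.1.9 (3/3)
"""

SUCCESS = re.compile(r"\[(\d{4}-\d{2}-\d{2}) [\d:]+\] Scan: Nmap SUCCESS for (\S+)")
FOUND = re.compile(r"Scan: Ports found by NMAP: (\d+)")
CHANGED = re.compile(r"Scan: Nmap new or changed ports: (\d+)")

def count_startups(log):
    # More than one startup sequence in the log suggests the container restarted.
    return sum("Permissions check" in line for line in log.splitlines())

def parse_scans(log):
    # One record per "Nmap SUCCESS" line; counts stay None if the excerpt is cut off.
    scans, cur = [], None
    for line in log.splitlines():
        if m := SUCCESS.search(line):
            cur = {"date": m.group(1), "ip": m.group(2), "found": None, "changed": None}
            scans.append(cur)
        elif cur and (m := FOUND.search(line)):
            cur["found"] = int(m.group(1))
        elif cur and (m := CHANGED.search(line)):
            cur["changed"] = int(m.group(1))
    return scans

def repeat_offenders(log, min_runs=2):
    # Hosts where each of at least min_runs scans flagged every found port as new.
    runs = defaultdict(list)
    for s in parse_scans(log):
        if s["found"] is not None and s["changed"] is not None:
            runs[s["ip"]].append(s["found"] > 0 and s["changed"] == s["found"])
    return sorted(ip for ip, f in runs.items() if len(f) >= min_runs and all(f))
```

A host that is all-new on its first scan and quiet afterwards (192.168.1.7 in the sample) is the expected pattern and is not listed.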

jokob-sk added a commit that referenced this issue Mar 25, 2023
@jokob-sk jokob-sk added bug 🐛 Something isn't working and removed Waiting for reply⏳ Waiting for the original poster to respond, or discussion in progress. labels Mar 25, 2023
@jokob-sk
Owner

Thanks for confirming!

I think I've found the bug. If you'd like you can try to test this dev build: docker pull jokobsk/pi.alert_dev:sha-d9a9246.

@jokob-sk jokob-sk added the next release/in dev image🚀 This is coming in the next release or was already released if the issue is Closed. label Mar 25, 2023
@AleksCee
Author

AleksCee commented Mar 25, 2023

I have just pulled the image. The nmap scan is performed at 2 am, so I will watch it for two days and give you feedback.
Oops, sorry, I didn't want to close this issue. Too late for comments. How can I undo this?

@AleksCee AleksCee reopened this Mar 25, 2023
@jokob-sk
Owner

Thanks for testing the fix!

@AleksCee
Author

If I leave a comment, I can only close, sorry, so I have to reopen. But I want to write down my first observation: the nmap history per device is now showing. No mail this night, but I will confirm this tomorrow because of the German time shift this night.

@AleksCee
Author

Great work! I have configured a new port on a scanned device, and only the new port is reported in the report mail.
So I think this dev image works fine!
Thanks, Alex

@jokob-sk
Owner

Thanks for confirming!

@jokob-sk
Owner

jokob-sk commented Apr 1, 2023

Fix in latest release > closing

@jokob-sk jokob-sk closed this as completed Apr 1, 2023