General
On your PC the following time zone is set for the PHP environment: UTC
If this is not the timezone you are in, you should change the timezone in the PHP configuration file. You can find it in this directory: /etc/php/8.2/apache2/php.ini
Search in this file for the entry "date.timezone", remove the leading ";" if necessary and enter the desired timezone. A list with the supported timezones can be found here (Link)
If this is not the timezone you are in, you should change the timezone in the PHP configuration file. You can find it in this directory: /etc/php/8.2/apache2/php.ini
Search in this file for the entry "date.timezone", remove the leading ";" if necessary and enter the desired timezone. A list with the supported timezones can be found here (Link)
It may well be that low-powered devices reach their performance limits with the way Pi.Alert detects new devices on the network. This is amplified even more,
if these devices communicate with the network via WLAN. Solutions here would be to switch to a wired connection if possible or, if the device is only to be used for a limited period of time, to use the arp scan.
pause the arp scan on the maintenance page.
Check in the Pi.Alert directory if the database folder (db) has been assigned the correct permissions:
drwxrwx--- 2 (your username) www-data
If the permission is not correct, you can set it again with the following commands in the terminal or the console:
drwxrwx--- 2 (your username) www-data
If the permission is not correct, you can set it again with the following commands in the terminal or the console:
sudo chgrp -R www-data ~/pialert/db
sudo chown [Username]:www-data ~/pialert/db/pialert.db
chmod -R 770 ~/pialert/db
You can also perform these steps using ./pialert-cli set_permissions in the directory ~/pialert/back.
If the database remains read-only afterwards, try reinstalling or restoring a database backup through the maintenance page. Please make sure to check and adjust the permissions accordingly.
sudo chown [Username]:www-data ~/pialert/db/pialert.db
chmod -R 770 ~/pialert/db
In addition to the password, the configuration file must contain ~/pialert/config/pialert.conf
also the parameter PIALERT_WEB_PROTECTION must set to True.
The database in this fork has been extended by some fields. To take over the database from the original Pi.Alert (pucherot), an update function is available via the "pialert-cli" in the directory ~/pialert/back.
The command is then ./pialert-cli update_db
The command line tool pialert-cli is located in the directory ~/pialert/back and offers the possibility to make settings to Pi.Alert
without web page or change to the configuration file. With the command ./pialert-cli help a list with the supported options can be called.
| set_login | - Sets the parameter PIALERT_WEB_PROTECTION in the config file to TRUE - If the parameter is not present, it will be created. Additionally the default password "123456" is set. |
| unset_login | - Sets the parameter PIALERT_WEB_PROTECTION in the config file to FALSE - If the parameter is not present, it will be created. Additionally the default password "123456" is set. |
| set_password <password> | - Sets the new password as a hashed value. - If the PIALERT_WEB_PROTECTION parameter does not exist yet, it will be created and set to "TRUE" (login enabled) |
| set_autopassword | - Sets a new random password as a hashed value and show it plaintext in the console. - If the PIALERT_WEB_PROTECTION parameter does not exist yet, it will be created and set to "TRUE" (login enabled) |
| disable_scan <MIN> | - Stops all active scans. - Prevents new scans from starting. - You can set a Timeout in minutes. If no timeout is set, Pi.Alert restarts itself with the next scan after 10min. |
| enable_scan | - Allows the start of new scans again. |
| enable_service_mon | - Enable Web Service Monitoring |
| disable_service_mon | - Disable Web Service Monitoring |
| enable_icmp_mon | - Enable ICMP Monitoring (ping) |
| disable_icmp_mon | - Disable ICMP Monitoring (ping) |
| update_db | - The script tries to make the database compatible for this fork. |
| set_apikey | - With the API key it is possible to make queries to the database without using the web page. If an API key already exists, it will be replaced. |
| set_permissions | - Fixes the file permissions of the database. |
| reporting_test | - Test reporting for all activated services. |
| set_sudoers | - Create sudoer file for www-data and Pi.Alert user |
| unset_sudoers | - Delete sudoer file for www-data and Pi.Alert user |
The file pialert.conf is located in the directory ~/pialert/config.
In this configuration file many functions of Pi.Alert can be set according to the personal wishes. Since the possibilities are various, I would like to give a
short explanation to the individual points.
| General Settings | |
| PIALERT_PATH | This variable is set during installation and should not be changed. |
| DB_PATH | This variable is set during installation and should not be changed. |
| LOG_PATH | This variable is set during installation and should not be changed. |
| PRINT_LOG | If this entry is set to True, additional timestamps for the individual sub-functions are added to the scan log. By default this entry is set to False |
| VENDORS_DB | This variable is set during installation and should not be changed. |
| PIALERT_APIKEY | With the API key it is possible to make queries to the database without using the web page. The API key is a random string that can be set via the settings or via pialert-cli |
| PIALERT_WEB_PROTECTION | Enables or disables the password protection of the Pi.Alert web interface. |
| PIALERT_WEB_PASSWORD | This field contains the hashed password for the web interface. The password cannot be entered here in plain text, but must be set with pialert-cli |
| Other Modules | |
| SCAN_WEBSERVICES | Here the function for monitoring web services can be switched on (True) or off (False) |
| ICMPSCAN_ACTIVE | ICMP Monitoring on/off |
| Special Protocol Scanning | |
| SCAN_ROGUE_DHCP | Activates the search for foreign, also called "rogue", DHCP servers. This function is used to detect whether there is a foreign DHCP server in the network that could take control of IP management. |
| DHCP_SERVER_ADDRESS | The IP of the known DHCP server is stored here. |
| Arp-scan Options & Samples | |
| MAC_IGNORE_LIST |
[‘MAC-Address 1’, ‘MAC-Address 2’] This MAC address(es) (save with small letters) will be filtered out from the scan results. |
| SCAN_SUBNETS |
‘--localnet’ Normally this option is already the correct settings. This setting is selected when Pi.Alert is installed on a device with a network card and no other networks are configured. ‘--localnet --interface=eth0’ This configuration is selected if Pi.Alert is installed on a system with at least 2 network cards and a configured network. However, the interface designation may differ and must be adapted to the conditions of the system. ['192.168.1.0/24 --interface=eth0','192.168.2.0/24 --interface=eth1'] The last configuration is necessary if several networks are to be monitored. For each network to be monitored, a corresponding network card must be configured. This is necessary because the "arp-scan" used is not routed, i.e. it only works within its own subnet. Each interface is entered here with the corresponding network. The interface designation must be adapted to the conditions of the system. |
| Mail-Account Settings | |
| SMTP_SERVER | Address of the e-mail server (e.g. smtp.gmail.com) |
| SMTP_PORT | The port of the SMTP server. The port may vary depending on the server configuration. |
| SMTP_USER | User name |
| SMTP_PASS | Password |
| SMTP_SKIP_TLS | If this entry is set to True, transport encryption of the e-mail is enabled. If the server does not support this, the entry must be set to False. |
| SMTP_SKIP_LOGIN | There are SMTP servers which do not require a login. In such a case, this value can be set to True. |
| WebGUI Reporting | |
| REPORT_WEBGUI | Enables/disables the notifications about changes in the network in the web interface. |
| REPORT_WEBGUI_WEBMON | Enables/disables the notifications about changes in the monitored web services in the web interface. |
| Mail Reporting | |
| REPORT_MAIL | Enables/disables the notifications about changes in the network via e-mail. |
| REPORT_MAIL_WEBMON | Enables/disables the notification of changes in the monitored web services by e-mail. |
| REPORT_FROM | Name or identifier of the sender. |
| REPORT_TO | E-mail address to which the notification should be sent. |
| REPORT_DEVICE_URL | URL of the Pi.Alert installation to create a clickable link in the e-mail to the detected device. |
| REPORT_DASHBOARD_URL | URL of the Pi.Alert installation, to be able to create a clickable link in the e-mail. |
| Pushsafer | |
| REPORT_PUSHSAFER | Enables/disables notifications about changes in the network via Pushsafer. |
| REPORT_PUSHSAFER_WEBMON | Enables/disables notifications about changes in the monitored web services via Pushsafer. |
| PUSHSAFER_TOKEN | This is the private key that can be viewed on the pushsafer page. |
| PUSHSAFER_DEVICE | The device ID to which the message will be sent. ‘a’ means the message will be sent to all configuring devices and will consume a corresponding number of API calls. |
| Pushover | |
| REPORT_PUSHOVER | Enables/disables notifications about changes in the network via Pushover. |
| REPORT_PUSHOVER_WEBMON | Enables/disables the notifications about changes in the monitored web services via Pushover. |
| PUSHOVER_TOKEN | Also called "APP TOKEN" or "API TOKEN". This token can be queried on the pushover page. |
| PUSHOVER_USER | Also called "USER KEY". This key is displayed right after login on the start page. |
| NTFY | |
| REPORT_NTFY | Enables/disables the notifications about changes in the network via NTFY. |
| REPORT_NTFY_WEBMON | Enables/disables the notifications about changes in the monitored web services via NTFY. |
| NTFY_HOST | |
| NTFY_TOPIC | |
| NTFY_USER | |
| NTFY_PASSWORD | |
| NTFY_PRIORITY | |
| Shoutrrr | |
| SHOUTRRR_BINARY | Here you have to configure which binary of shoutrrr has to be used. This depends on the hardware Pi.Alert was installed on. |
| Telegram via Shoutrrr | |
| REPORT_TELEGRAM | Enables/disables the notifications about changes in the network via Telegram |
| REPORT_TELEGRAM_WEBMON | Enables/disables the notifications about changes in the monitored web services via Telegram |
| TELEGRAM_BOT_TOKEN_URL | |
| DynDNS and IP | |
| QUERY_MYIP_SERVER | |
| DDNS_ACTIVE | Enables/disables the configured DDNS service in Pi.Alert. DDNS, also known as DynDNS, allows you to update a domain name with a regularly changing IP address. This service is offered by several service providers. |
| DDNS_DOMAIN | |
| DDNS_USER | |
| DDNS_PASSWORD | |
| DDNS_UPDATE_URL | |
| Pi-hole Configuration | |
| PIHOLE_ACTIVE | This variable is set during installation. |
| PIHOLE_DB | This variable is set during installation and should not be changed. |
| DHCP_ACTIVE | This variable is set during installation. |
| DHCP_LEASES | This variable is set during installation and should not be changed. |
| Fritzbox Configuration | |
| FRITZBOX_ACTIVE | If a Fritzbox is used in the network, it can be used as a data source. This can be activated or deactivated at this point. |
| FRITZBOX_IP | IP address of the Fritzbox. |
| FRITZBOX_USER | User name This assumes that the Fritzbox is configured for a login with username and password, instead of password only. A login with password only is not supported. |
| FRITZBOX_PASS | Password |
| Maintenance Tasks Cron | |
| DAYS_TO_KEEP_ONLINEHISTORY | Number of days for which the online history (activity graph) is to be stored in the database. One day generates 288 such records. |
| DAYS_TO_KEEP_EVENTS | Number of days for which the events of the individual devices are to be stored. |
Certain functions of Pi.Alert, like sending test messages, detecting foreign DHCP servers or detecting devices using arp-scan, require "sudo" permissions. Here a configuration adjustment is necessary.
Execute the command sudo ./pialert-cli set_sudoers in the directory ~/pialert/back.
Devices
If you use Pi-hole, please note that Pi.Alert retrieves information from Pi-hole. Pause Pi.Alert, go to the settings page in Pi-hole and
delete the DHCP lease if necessary. Then, also in Pi-hole, look under Tools -> Network to see if you can find the recurring hosts there.
If yes, delete them there as well. Now you can start Pi.Alert again. Now the device(s) should not show up anymore. Restarting the pihole-FTL service may also fix the problem.
If such a device continues to appear repeatedly, the MAC address can be added to the ignore list MAC_IGNORE_LIST in the pialert.conf.
Devices - Detail View
"Uplink Target" means a network device created from the network page.
"Target Port Number" designates the port number where the currently edited device is connected to this network device.
"Target Port Number" designates the port number where the currently edited device is connected to this network device.
The time interval between the scans is defined by the "Cronjob", which is set to 5min by default. The designation "1min" refers to the expected duration of the scan.
Depending on the network configuration, this time may vary. To edit the cronjob, you can use the following command in the terminal/console crontab -e
and change the interval.
Some modern devices generate random MAC addresses for privacy reasons, which can no longer be associated with any manufacturer and which change again with each new connection.
Pi.Alert detects if it is such a random MAC address and activates this "field" automatically. To disable this behavior you have to look in your device how to disable
MAC address randomization.
Nmap is a network scanner with multiple capabilities.
When a new device appears in your list, you have the possibility to get more detailed information about the device via the Nmap scan.
When a new device appears in your list, you have the possibility to get more detailed information about the device via the Nmap scan.
Network
This page should offer you the possibility to map the assignment of your network devices. For this purpose, you can create one or more switches, WLANs, routers, etc., provide them with a port number if necessary and assign already detected
devices to them. This assignment is done in the detailed view of the device to be assigned. So it is possible for you to quickly determine to which port a host is connected and if it is online. It is possible to assign a device to multiple
ports (port bundling), as well as multiple devices to one port (virtual machines).
On the network side, for example, a switch is created. For this purpose, I already offer corresponding devices in the selection list. You continue to specify the type and the number of ports.
On the detail view you have now, with each recognized device, the possibility to save this just created switch and the occupied port.
Now the network page shows you the switch with its ports and the devices connected to it. For each device in the detail view, you have the option of assigning multiple ports to a switch, which you separate with a comma (e.g. for link aggregation). It is also possible to assign several devices to one port (e.g. a server with several virtual machines).
You can also assign a switch to a router if you have created it on the network side. Normally, this switch will now be displayed on the router tab. What does not happen is that the router is displayed on the switch port. For this it is necessary and possible to save a manual port configuration. To do this, open the "Administration" and select the switch in the editing. After you have entered the type and the number of ports again, you have a selection list of possible devices in the lowest field. After the selection, only the MAC address is visible, followed by a ",". Now simply add the port of the router on the switch and save. It is also possible to enter multiple MAC addresses and ports. It is important to follow the syntax "MAC1,PortA;MAC2,PortB;MAC3,PortC".
On the detail view you have now, with each recognized device, the possibility to save this just created switch and the occupied port.
Now the network page shows you the switch with its ports and the devices connected to it. For each device in the detail view, you have the option of assigning multiple ports to a switch, which you separate with a comma (e.g. for link aggregation). It is also possible to assign several devices to one port (e.g. a server with several virtual machines).
You can also assign a switch to a router if you have created it on the network side. Normally, this switch will now be displayed on the router tab. What does not happen is that the router is displayed on the switch port. For this it is necessary and possible to save a manual port configuration. To do this, open the "Administration" and select the switch in the editing. After you have entered the type and the number of ports again, you have a selection list of possible devices in the lowest field. After the selection, only the MAC address is visible, followed by a ",". Now simply add the port of the router on the switch and save. It is also possible to enter multiple MAC addresses and ports. It is important to follow the syntax "MAC1,PortA;MAC2,PortB;MAC3,PortC".
It is possible that the number of ports was not entered when the device was created on the network page. When editing the device on the network page, it is also necessary to enter an already entered number of ports again.
If the number of ports is missing for a device that has already been created, the problem should be solved by editing the device and specifying the ports, the type and, if necessary, the manual port configuration.
If the number of ports is missing for a device that has already been created, the problem should be solved by editing the device and specifying the ports, the type and, if necessary, the manual port configuration.
Web Services
The monitoring is based exclusively on the responses of HTTP requests sent to the page. Depending on the state of the server, meaningful error patterns can be detected here. If the server does not respond at all, this is considered as "Down/Offline". These web server requests are performed every 10 min as part of the normal scan.
There are 5 different color codes in total:
- no scan available yet
- HTTP status code 2xx
- HTTP status code 3xx-4xx
- HTTP status code 5xx
- offline
- no scan available yet
- HTTP status code 2xx
- HTTP status code 3xx-4xx
- HTTP status code 5xx
- offline
| Code | Description |
|---|---|
| 100 | indicates that the initial part of a request has been received and has not yet been rejected by the server. |
| 101 | indicates that the server understands and is willing to comply with the client's request, via the Upgrade header field, for a change in the application protocol being used on this connection. |
| 102 | is an interim response used to inform the client that the server has accepted the complete request, but has not yet completed it. |
| 200 | indicates that the request has succeeded. |
| 201 | indicates that the request has been fulfilled and has resulted in one or more new resources being created. |
| 202 | indicates that the request has been accepted for processing, but the processing has not been completed. |
| 203 | indicates that the request was successful but the enclosed payload has been modified from that of the origin server's 200 (OK) response by a transforming proxy. |
| 204 | indicates that the server has successfully fulfilled the request and that there is no additional content to send in the response payload body. |
| 205 | indicates that the server has fulfilled the request and desires that the user agent reset the document view, which caused the request to be sent, to its original state as received from the origin server. |
| 206 | indicates that the server is successfully fulfilling a range request for the target resource by transferring one or more parts of the selected representation that correspond to the satisfiable ranges found in the requests's Range header field. |
| 207 | provides status for multiple independent operations. |
| 226 | The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. |
| 300 | indicates that the target resource has more than one representation, each with its own more specific identifier, and information about the alternatives is being provided so that the user (or user agent) can select a preferred representation by redirecting its request to one or more of those identifiers. |
| 301 | indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. |
| 302 | indicates that the target resource resides temporarily under a different URI. |
| 303 | indicates that the server is redirecting the user agent to a different resource, as indicated by a URI in the Location header field, that is intended to provide an indirect response to the original request. |
| 304 | indicates that a conditional GET request has been received and would have resulted in a 200 (OK) response if it were not for the fact that the condition has evaluated to false. |
| 305 | *deprecated* |
| 307 | indicates that the target resource resides temporarily under a different URI and the user agent MUST NOT change the request method if it performs an automatic redirection to that URI. |
| 308 | The target resource has been assigned a new permanent URI and any future references to this resource outght to use one of the enclosed URIs. [...] This status code is similar to 301 Moved Permanently (Section 7.3.2 of rfc7231), except that it does not allow rewriting the request method from POST to GET. |
| 400 | indicates that the server cannot or will not process the request because the received syntax is invalid, nonsensical, or exceeds some limitation on what the server is willing to process. |
| 401 | indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. |
| 402 | *reserved* |
| 403 | indicates that the server understood the request but refuses to authorize it. |
| 404 | indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists. |
| 405 | indicates that the method specified in the request-line is known by the origin server but not supported by the target resource. |
| 406 | indicates that the target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation. |
| 407 | is similar to 401 (Unauthorized), but indicates that the client needs to authenticate itself in order to use a proxy. |
| 408 | indicates that the server did not receive a complete request message within the time that it was prepared to wait. |
| 409 | indicates that the request could not be completed due to a conflict with the current state of the resource. |
| 410 | indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. |
| 411 | indicates that the server refuses to accept the request without a defined Content-Length. |
| 412 | indicates that one or more preconditions given in the request header fields evaluated to false when tested on the server. |
| 413 | indicates that the server is refusing to process a request because the request payload is larger than the server is willing or able to process. |
| 414 | indicates that the server is refusing to service the request because the request-target is longer than the server is willing to interpret. |
| 415 | indicates that the origin server is refusing to service the request because the payload is in a format not supported by the target resource for this method. |
| 416 | indicates that none of the ranges in the request's Range header field overlap the current extent of the selected resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive request of small or overlapping ranges. |
| 417 | indicates that the expectation given in the request's Expect header field could not be met by at least one of the inbound servers. |
| 418 | Any attempt to brew coffee with a teapot should result in the error code 418 I'm a teapot. |
| 422 | means the server understands the content type of the request entity (hence a 415(Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions. |
| 423 | means the source or destination resource of a method is locked. |
| 424 | means that the method could not be performed on the resource because the requested action depended on another action and that action failed. |
| 426 | indicates that the server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. |
| 428 | indicates that the origin server requires the request to be conditional. |
| 429 | indicates that the user has sent too many requests in a given amount of time (rate limiting). |
| 431 | indicates that the server is unwilling to process the request because its header fields are too large. |
| 451 | This status code indicates that the server is denying access to the resource in response to a legal demand. |
| 500 | indicates that the server encountered an unexpected condition that prevented it from fulfilling the request. |
| 501 | indicates that the server does not support the functionality required to fulfill the request. |
| 502 | indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request. |
| 503 | indicates that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay. |
| 504 | indicates that the server, while acting as a gateway or proxy, did not receive a timely response from an upstream server it needed to access in order to complete the request. |
| 505 | indicates that the server does not support, or refuses to support, the protocol version that was used in the request message. |
| 506 | indicates that the server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process. |
| 507 | means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. |
| 511 | indicates that the client needs to authenticate to gain network access. |
Detectable events are:
- Changing the HTTP status code
- Change IP
- Response time of the server or the missing of the response.
Web Services - Detail View
Not every field that is displayed on this page can be edited. Editable fields are:
- Tag
- Device (possibly a device to which this web service is assigned)
A MAC address is expected here. If something else (e.g. "laptop") is entered here, "Unknown Device (laptop)" appears in the overview.. Services without this entry are listed under "General". - CheckBox: All Events
- CheckBox: Down
Presence
If this happens, you have the option to delete the events on the device in question (details view). Another possibility would be to switch on the device and wait until Pi.Alert detects the device as "online" with the next
scan and then simply turn the device off again. Now Pi.Alert should properly note the state of the device in the database with the next scan.
If this happens, you have the possibility to delete the events for the device in question (details view). Another possibility would be to switch on the device and wait until Pi.Alert recognizes the device as "online" with the next scan
and then simply switch the device off again. Now Pi.Alert should properly note the state of the device in the database with the next scan.