I get Conncetion refused when I try to get information from the API

[mariem gharbi]

details = "failed to connect to all addresses; last error: UNKNOWN: ipv4:192.168.1.8:8001: Failed to connect to remote host: Connection refused"
debug_error_string = "UNKNOWN:failed to connect to all addresses; last error: UNKNOWN: ipv4:192.168.1.8:8001: Failed to connect to remote host: Connection refused {created_time:"2023-09-30T13:07:46.154701614+02:00", grpc_status:14}"

---------------------------------------------------------------------------------

I'm trying to get infromations fro the api.config.yaml to use it for shuffle 

[Mike Cohen]

Make sure you change the API service to be listening to all interfaces. By default it's only listening to localhost. If you want external connections you need to set it to 0.0.0.0

https://docs.velociraptor.app/docs/server_automation/server_api/#protecting-the-api

Thanks

Mike

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/23762881-9636-4e30-972e-c0403a118d41n%40googlegroups.com.

[mariem gharbi]

Hello Mike, 

Yes I also did I got the same error (I changed the bind address to 0.0.0.0 and regenerate the API yaml file ) the version is 0.6.2 what to do please cause am working on my end of studies project and I got no time to change another version of velo

[mariem gharbi]

Le samedi 30 septembre 2023 à 12:28:31 UTC+1, Mike Cohen a écrit :

[Mike Cohen]

Make sure the api.config.yaml file points at the publicly accessible address of the API server - so there you should have something real like 1.2.3.4 and not 0.0.0.0. Whatever is initiating the connection looks like it is trying to connect to 0.0.0.0 in the error above.

The 0.0.0.0 is only in the server.config.yaml to make the API server listen on all interfaces.

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/8c20a113-8138-4d01-a972-a21f92ae4f74n%40googlegroups.com.

[mariem gharbi]

Sorry but the problem is the same even thought I wrote 0.0.0.0 in the server.yaml and the other IP in the api.yaml I got the same error do you think I should change the velociraptor version or what and sorry for the inconvenience

[Mike Cohen]

It is not clear to me what your screenshot shows and what is happening in the background but the way to verify this works is via the pyvelociraptor python binding or just the velociraptor binary itself:

on the remote machine just run 

velociraptor.exe --api_config api.config.yaml query -v "SELECT * FROM info()"

then watch the output and make sure the api connection is working correctly. Once you have that working you can worry about the other code your are trying to integrate with.

Although 0.6.2 is very old I dont think the API code has changed in ages and should work the same way. I think your issue is networking - the error definitely indicates that whatever the screenshot is from is trying to connect to 0.0.0.0

thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/7ee0e487-9c06-42c1-a748-d215a463e47an%40googlegroups.com.

[mariem gharbi]

It was just a screenshot from shuffle but here is the command line execution and the config of the server.yaml and api.yaml 

[mariem gharbi]

here is the execution of your command line 

[Mike Cohen]

Next you should do the same thing on the server itself to verify it's listening on that interface.

Then check for iptable rules that might be blocking connections

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/8f7d6fa8-d86c-420b-a747-d39e2f61ceedn%40googlegroups.com.