Cannot connect to API Server


Vishva Patel

Sep 10, 2024, 8:19:50 PM
to velociraptor-discuss
I'm trying to test the Velociraptor API and ran the following command on my local machine, but it keeps giving me a connection refused error:

sudo velociraptor --api_config api.config.yaml query -v "SELECT * FROM info()"

However, it only works if I change the API hostname to localhost or 127.0.0.1 in the server config file. I also changed the API bind address to 0.0.0.0, but it wouldn't work when the hostname is changed to my local IP address.

I want to make this work as I'm trying to use the velociraptor app on Shuffle.

Please see the attached photos of the error & config.

Thanks.

Mike Cohen

Sep 10, 2024, 8:29:54 PM
to Vishva Patel, velociraptor-discuss
This looks ok - I would look for an iptables rule blocking connections - use iptables -Ln to see the rules.

You can see the server binding to all interfaces using netstat -naplt on the server side; it should be something like

tcp6       0      0 :::8001                 :::*                    LISTEN      2286707/velocirapto

and the server log should say
[INFO] 2024-09-10T08:45:09Z Starting gRPC API server on 0.0.0.0:8001

The hostname is used to make the API client config file as a hint to help connecting to the right IP address - you should be able to see it in api.config.yaml - it should be routable from where you want to connect from. You can change it anyway in api.config.yaml if the IP has changed. It looks like your connection is going to the right place though.

Also you don't need to run velociraptor with sudo because it just makes an API connection so does not need root permissions.

Thanks
Mike

Mike Cohen 
Digital Paleontologist, 
Velocidex Enterprises
mi...@velocidex.com 



Vishva Patel

Sep 11, 2024, 9:43:10 AM
to velociraptor-discuss
Hi Mike,

Thanks for replying. I get the following result when I do ss -naplt:

LISTEN      0      4096                 127.0.0.1:8001           0.0.0.0:*

Seems like port 8001 is still bound to localhost?

Mike Cohen

Sep 11, 2024, 9:45:04 AM
to Vishva Patel, velociraptor-discuss
Make sure you are editing the server.config.yaml in /etc/velociraptor and restart the service to make it pick up the new changes.


Vishva Patel

Sep 11, 2024, 10:48:40 AM
to velociraptor-discuss
Awesome. That worked. Thanks for your support.
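
A check for the symptom diagnosed in this thread, as an added example that is not part of the original posts: it reads ss or netstat listener output and reports whether the API port is bound to loopback only or to all interfaces. The helper name classify_listener is an assumption for illustration; the two sample lines are the ones quoted in the thread with whitespace collapsed.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a TCP port is bound,
# reading `ss -lnt` or `netstat -nlt` style output on stdin.
# classify_listener is a hypothetical helper name.
# Live use on the server: ss -lnt | classify_listener 8001
classify_listener() {
    port="$1"
    awk -v port="$port" '
        !/LISTEN/ { next }                  # only listening sockets matter
        {
            for (i = 1; i <= NF; i++) {
                n = length($i) - length(port) - 1
                # the local address is the first field ending in ":<port>"
                if (n >= 1 && substr($i, n + 1) == ":" port) {
                    addr = substr($i, 1, n)
                    if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
                        all = 1
                    else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                        loop = 1
                    else
                        specific = addr
                    break
                }
            }
        }
        END {
            if (all)                 print "all-interfaces"
            else if (specific != "") print "specific:" specific
            else if (loop)           print "loopback-only"
            else                     print "not-listening"
        }
    '
}

# The two listener lines quoted in the thread, checked for the API port 8001.
printf '%s\n' 'LISTEN 0 4096 127.0.0.1:8001 0.0.0.0:*' | classify_listener 8001
printf '%s\n' 'tcp6 0 0 :::8001 :::* LISTEN 2286707/velocirapto' | classify_listener 8001
```

A result of loopback-only after editing the bind address means the running service has not picked up the change, which is the case resolved above by editing the file in /etc/velociraptor and restarting.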