Where do containee names come from?

[Tasty213]

Hi,

I've just installed edgeshark on a server and i can see it's discovered lots of containers but they're named the same along the lines of "container-entry(85245)". This makes it quite difficult to find the container i want to inspect.

Where does edgeshark get these names from and how can i adjust them?

The containers in question are podman containers and podman ps reports their names correctly (see below for example)

4ad02d73b87c  registry.isotek.connectorsubsea.com/bnw/bnw-tools-hframe:1                       6 -l systemd --co...  26 hours ago        Up 26 hours                                                        bnw-tools-hframe6
d3dc2e4998f6  registry.isotek.connectorsubsea.com/bnw/bnw-tools-cif:1.0.8-8-g094b1d6           -l systemd --conf...  24 minutes ago      Up 24 minutes                                                      bnw-tools-cif
92120c192a37  ghcr.io/siemens/ghostwire:latest                                                                       About a minute ago  Up About a minute                                                  edgeshark_gostwire_1
84e3e19536b5  ghcr.io/siemens/packetflix:latest                                                                      About a minute ago  Up About a minute  0.0.0.0:5001->5001/tcp, 5000/tcp                edgeshark_edgeshark_1

Thanks
George

[thediveo]

Is it possible for you to share a screenshot of what you're seeing? This might clarify the situation; I suspect there is something wrong with the container engine detection.

At the top of the Edgeshark wiring view there is a meta data section; it might be collapsed, then click on the chevron to open this section. For instance, on one of my virtual Siemens Industrial Edge devices, it tells me the container engines found; do you see such information for your deployment?

Since you're using podman, we can only detect podman reliably when it is (on-demand) started by systemd; this is the case for a what is (IIRC) called a "system podman". There is no acceptable way with reasonable performance and system load to detect user space podmen, because that would need a security scanner-like deep system scan. This is a general architectural problem podman painted itself into; details can be found in my public talk, in the "Detecting the Undetectable" section (YT link). It's not possible to hardwire any or all container engine API endpoints in our IT world, where we have devcontainers, codespaces, KinD, Docker desktop, with widely varying container engine configurations. Again, this would end up in a deep system VFS scan, which is incredibly expensive and slow.