Search found 30 matches

by jbmoore
Fri Jan 25, 2019 2:47 am
Forum: Atomic Protector (formerly ASL)
Topic: apachectl location wrong
Replies: 0
Views: 35238

apachectl location wrong

I'm seeing the error: ASL Common::cmd system - ERROR: '/usr/sbin/apachectl graceful (1)' ..and that is not where my apache install is located, should be: /usr/local/apache/bin/apachectl graceful I checked the config file for ASL and can not find a setting for this path.. So.. How and where do I updat...
by jbmoore
Thu Jul 12, 2018 4:57 pm
Forum: Atomic Protector (formerly ASL)
Topic: OpenSCAP: $(oscap.check.title) (not passed)
Replies: 1
Views: 13467

Re: OpenSCAP: $(oscap.check.title) (not passed)

I'm still seeing this in my Recent Events log.. Any feedback on whether or if this is something I should be pursuing..??

Thanks..
by jbmoore
Fri Jul 06, 2018 6:46 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

OK, so that would mean OSSEC isn't failing and restarting. But just in case the log file was rotated and it did fail for some reason, let's expand that grep to include all your log files: zgrep ERROR /var/ossec/logs/ossec.log* | egrep -iv "diff|queue" As for the email error, that means your...
by jbmoore
Fri Jul 06, 2018 2:12 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Let's see if OSSEC is restarting for expected reasons (rule updates), or if it's having some problem that caused it to stop running. Do you see any errors in this log file: grep ERROR /var/ossec/logs/ossec.log | egrep -iv "diff|queue" The only error showing up is relating to mail. I checked...
by jbmoore
Thu Jul 05, 2018 3:45 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Interface just hasn't updated yet, give it a bit and that will go away. Actually that does not make complete sense, unless it is restarting automatically?? I restarted ossec manually several weeks ago when I first posted this issue. I then refreshed the interface. Messages gone. Now it is showing ...
by jbmoore
Thu Jul 05, 2018 12:33 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

See if it's running with: ps ax |grep ossec here is the output.. 4630 ? Ssl 0:00 /var/ossec/bin/ossec-modulesd -f 4633 ? Ss 0:01 /var/ossec/bin/ossec-maild -f 4640 ? Ssl 0:29 /var/ossec/bin/ossec-db -f 4643 ? Ssl 0:03 /var/ossec/bin/ossec-execd -f 4710 ? Ss 18:14 /var/ossec/bin/ossec-analysisd -f 47...
by jbmoore
Tue Jul 03, 2018 6:22 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Reset the FIM db with: 1) rm -f /var/ossec/queue/syscheck/* 2) service ossec-hids restart Still getting these errors.. as of today.. (502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd (502) ASLW::_test_ossec - An OSSEC component is not running: ossec-analysisd (502) ASLW::_test_...
by jbmoore
Tue Jul 03, 2018 6:15 pm
Forum: Atomic Protector (formerly ASL)
Topic: OpenSCAP: $(oscap.check.title) (not passed)
Replies: 1
Views: 13467

OpenSCAP: $(oscap.check.title) (not passed)

Hi, Got the above output in my event log and when I click "read more" on that event, there was no documentation.. So... Below is the description in the event details.. Seems to suggest the "privileged functions" were misused.. Is this something that I should look into further..?...
by jbmoore
Mon Jun 25, 2018 3:17 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

scott wrote: Reset the FIM db with:

1)
rm -f /var/ossec/queue/syscheck/*

2)
service ossec-hids restart
Got it... Thanks... I'll monitor it and see if that fixes the problem..
by jbmoore
Thu Jun 21, 2018 11:28 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

mikeshinn wrote:
(502) ASLW::_test_ossec - An OSSEC component is not running:....
what errors do you see in

/var/ossec/logs/ossec.log

Entire log filled with..

2018/06/21 22:43:09 ossec-analysisd: ERROR: Invalid integrity message in the database. (37,536 lines)
by jbmoore
Thu Jun 21, 2018 4:47 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Thanks, makes sense...

But...

Why am I continually getting the:

(502) ASLW::_test_ossec - An OSSEC component is not running:....
and..
2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.

errors...???
by jbmoore
Thu Jun 21, 2018 3:14 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Hm... I'm thinking that these "bad request" errors are coming from my trying to delete the whitelist entries.. I notice that they don't always disappear from the interface right away so I might be sending delete requests that have already been deleted..??? Make sense?
by jbmoore
Mon Jun 18, 2018 6:28 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Just noticed some new error messages... (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data f...
by jbmoore
Sat Jun 16, 2018 7:29 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Some additional notes as I followed the docs on this... https://wiki.atomicorp.com/wiki/index.php/ASL_error_messages#Command_executed:_.2Fsbin.2Fservice_ossec-hids_restart 1) ASL not up to date... UPDATE_TYPE = "all" 2) MySQL problems.. I did a table analysis and returned that all tables a...
by jbmoore
Sat Jun 16, 2018 6:52 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 71375

Re: ASL Web Errors

Hi, Well it appears that ossec has shut down again.. same messages when I opened up ASL web interface today..

Oh and I did a restart of ossec and then refreshed the interface.. Messages were at first gone, but a few minutes later they appeared again.

Any ideas on how to fix this ???

Thanks..