Search found 30 matches
- Fri Jan 25, 2019 2:47 am
- Forum: Atomic Protector (formerly ASL)
- Topic: apachectl location wrong
- Replies: 0
- Views: 60394
apachectl location wrong
I'm seeing the error: ASL Common::cmd system - ERROR: '/usr/sbin/apachectl graceful (1)' ..and that is not where my apache install is located, should be: /usr/local/apache/bin/apachectl graceful I checked the config file for ASL and can not find a setting for this path.. So.. How and were do I updat...
- Thu Jul 12, 2018 4:57 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: OpenSCAP: $(oscap.check.title) (not passed)
- Replies: 1
- Views: 18322
Re: OpenSCAP: $(oscap.check.title) (not passed)
I'm still seeing this in my Recent Events log.. Any feedback on whether or if this is something I should be pursuing..??
Thanks..
Thanks..
- Fri Jul 06, 2018 6:46 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
OK, so that would mean OSSEC isnt failing and restarting. But just in case the log file was rotated and it did fail for some reason, lets expand that grep to include all your log files: zgrep ERROR /var/ossec/logs/ossec.log* | egrep -iv "diff|queue" As for the email error, that means your...
- Fri Jul 06, 2018 2:12 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Lets see if OSSEC is restarting for expected reasons (rule updates), or if its having some problem that caused it to stop running. Do you see any errors in this log file: grep ERROR /var/ossec/logs/ossec.log | egrep -iv "diff|queue" The only error showing up is relating to mail. I checked...
- Thu Jul 05, 2018 3:45 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Interface just hasnt updated yet, give it a bit and that will go away. Actually that does not make complete sense, unless it is restarting automatically?? I restarted ossec manually several weeks ago when I I first posted this issue. I then refreshed the interface. Messages gone. Now it is showing ...
- Thu Jul 05, 2018 12:33 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
See if its running with: ps ax |grep ossec here is the output.. 4630 ? Ssl 0:00 /var/ossec/bin/ossec-modulesd -f 4633 ? Ss 0:01 /var/ossec/bin/ossec-maild -f 4640 ? Ssl 0:29 /var/ossec/bin/ossec-db -f 4643 ? Ssl 0:03 /var/ossec/bin/ossec-execd -f 4710 ? Ss 18:14 /var/ossec/bin/ossec-analysisd -f 47...
- Tue Jul 03, 2018 6:22 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Reset the FIM db with: 1) rm -f /var/ossec/queue/syscheck/* 2) service ossec-hids restart Still getting these errors.. as of today.. (502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd (502) ASLW::_test_ossec - An OSSEC component is not running: ossec-analysisd (502) ASLW::_test_...
- Tue Jul 03, 2018 6:15 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: OpenSCAP: $(oscap.check.title) (not passed)
- Replies: 1
- Views: 18322
OpenSCAP: $(oscap.check.title) (not passed)
Hi, Got the above output in my event log and when I click "read more" on that event, there was no documentation.. So... Below is the description in the event details.. Seems to suggest the "privileged functions" where misused.. Is this something that I should look into further..?...
- Mon Jun 25, 2018 3:17 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Got it... Thanks... I'll monitor it and see if that fixes the problem..scott wrote:Reset the FIM db with:
1)
rm -f /var/ossec/queue/syscheck/*
2)
service ossec-hids restart
- Thu Jun 21, 2018 11:28 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
mikeshinn wrote:what errors do you see in(502) ASLW::_test_ossec - An OSSEC component is not running:....
/var/ossec/logs/ossec.log
Entire log filled with..
2018/06/21 22:43:09 ossec-analysisd: ERROR: Invalid integrity message in the database. (37,536 lines)
- Thu Jun 21, 2018 4:47 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Thanks, make sense...
But...
Why am I continually getting the:
(502) ASLW::_test_ossec - An OSSEC component is not running:....
and..
2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.
errors...???
But...
Why am I continually getting the:
(502) ASLW::_test_ossec - An OSSEC component is not running:....
and..
2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.
errors...???
- Thu Jun 21, 2018 3:14 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Hm... I'm thinking that these "bad request" errors are coming from my trying to delete the whitelist entries.. I notice that they don't always disappear from the interface right away so I might be sending delete requests that have already been deleted..??? Make sense?
- Mon Jun 18, 2018 6:28 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Just noticed some new error messages... (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data from request (9999) ASLValidate::validate_asl - Bad/incomplete data f...
- Sat Jun 16, 2018 7:29 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Some additional notes as I followed the docs on this... https://wiki.atomicorp.com/wiki/index.php/ASL_error_messages#Command_executed:_.2Fsbin.2Fservice_ossec-hids_restart 1) ASL not up to date... UPDATE_TYPE = "all" 2) MySql problems.. I did a table analysis and returned that all tables a...
- Sat Jun 16, 2018 6:52 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 84428
Re: ASL Web Errors
Hi, Well it appears that ossec has shut down again.. same messages when I opened up ASL web interface today..
Oh and I did a restart of ossec and then refreshed the interface.. Messages were at first gone, but a few minutes later they appeared again.
Any ideas on how to fix this ???
Thanks..
Oh and I did a restart of ossec and then refreshed the interface.. Messages were at first gone, but a few minutes later they appeared again.
Any ideas on how to fix this ???
Thanks..