Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 29 posts ]  Go to page 1, 2  Next
 Post subject: ASL Web Errors
Posted: Mon May 28, 2018 8:59 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
I'm suddenly seeing the following errors at the bottom of the ASL Web interface..

(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-analysisd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-execd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord
(9999) ASLValidate::validate_asl - Bad/incomplete data from request

Is this just "informative" or should I be doing something to address this..??? I read somewhere in the docs that ASL monitors and restarts services when there is a problem. ??

Thanks..


 Post subject: Re: ASL Web Errors
Posted: Tue May 29, 2018 4:41 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4088
Location: Chantilly, VA
That means all of OSSEC is shut down. Generally this can happen if ASL has been configured to disable OSSEC or if something has removed or replaced OSSEC. To address this, follow this process:

https://wiki.atomicorp.com/wiki/index.p ... ds_restart

Or contact support AT atomicorp DOT com and we can assist you.

_________________
Michael Shinn
Atomicorp - Security For Everyone


 Post subject: Re: ASL Web Errors
Posted: Tue May 29, 2018 5:10 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
mikeshinn wrote:
That means all of OSSEC is shut down. Generally this can happen if ASL has been configured to disable OSSEC or if something has removed or replaced OSSEC. To address this, follow this process:

https://wiki.atomicorp.com/wiki/index.p ... ds_restart

Or contact support AT atomicorp DOT com and we can assist you.


Great..thanks..That did it!!

I did do a wiki search for that under "ossec restart" and did not come up with that link..

So.. since I did not disable it, and did not remove or replace it... What happened???


 Post subject: Re: ASL Web Errors
Posted: Thu May 31, 2018 3:27 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4088
Location: Chantilly, VA
Which of those troubleshooting steps addressed this for you?

_________________
Michael Shinn
Atomicorp - Security For Everyone


 Post subject: Re: ASL Web Errors
Posted: Thu May 31, 2018 4:06 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
mikeshinn wrote:
Which of those troubleshooting steps addressed this for you?


Just the restart..

Which made me ask as to why that was required (why it died/shutdown).. since I did not disable it, and did not remove or replace it..

Thanks..


 Post subject: Re: ASL Web Errors
Posted: Fri Jun 01, 2018 2:53 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4088
Location: Chantilly, VA
Two things could cause those processes to stop:

1) system ran out of drive space

2) another error caused a shutdown

In the case of 2 (an error caused a shut down), that would be logged in /var/ossec/logs/ossec.log. If the system didn't run out of drive space or inodes, what errors do you see in /var/ossec/logs/ossec.log?

_________________
Michael Shinn
Atomicorp - Security For Everyone


 Post subject: Re: ASL Web Errors
Posted: Fri Jun 01, 2018 7:13 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
mikeshinn wrote:
Two things could cause those processes to stop:

1) system ran out of drive space

2) another error caused a shutdown

In the case of 2 (an error caused a shut down), that would be logged in /var/ossec/logs/ossec.log. If the system didn't run out of drive space or inodes, what errors do you see in /var/ossec/logs/ossec.log?


Drive space...

Filesystem             Size  Used Avail Use% Mounted on
/dev/md1               4.0G  1.1G  2.9G  28% /
devtmpfs               7.8G     0  7.8G   0% /dev
tmpfs                  7.9G   84K  7.9G   1% /dev/shm
tmpfs                  7.9G  755M  7.1G  10% /run
tmpfs                  7.9G     0  7.9G   0% /sys/fs/cgroup
/dev/mapper/vg00-usr  1013G   65G  908G   7% /usr
none                   7.9G  6.7M  7.9G   1% /tmp
/dev/mapper/vg00-home  4.8G   37M  4.5G   1% /home
/dev/mapper/vg00-var   202G   22G  173G  11% /var
tmpfs                  1.6G   48K  1.6G   1% /run/user/0

Inodes

Filesystem              Inodes  IUsed    IFree IUse% Mounted on
/dev/md1                262144  18432   243712    8% /
devtmpfs               2037335    432  2036903    1% /dev
tmpfs                  2051911      6  2051905    1% /dev/shm
tmpfs                  2051911    912  2050999    1% /run
tmpfs                  2051911     16  2051895    1% /sys/fs/cgroup
/dev/mapper/vg00-usr  67436544 325904 67110640    1% /usr
none                   2051911     26  2051885    1% /tmp
/dev/mapper/vg00-home   327680    352   327328    1% /home
/dev/mapper/vg00-var  13434880 228289 13206591    2% /var
tmpfs                  2051911     12  2051899    1% /run/user/0

ossec.log..

Pages and pages of these..

2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.

(did not find this message in the wiki nor knowledgebase..??)

I guess this would be a starting point... How to fix??
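
The two checks discussed in this thread (free space and inodes, then errors in /var/ossec/logs/ossec.log), as an added example that is not part of any post and is not Atomicorp's own tooling. The function names, the 90% threshold, the sample data and the optional "(id)" after the daemon name are assumptions; the script only collapses repeated log lines into counts and does not interpret the error.

```python
import re

# Constructed sample input (not taken from the thread), laid out like the
# `df -i` output and ossec.log lines quoted in the posts above.
SAMPLE_DF = """\
Filesystem           Inodes  IUsed  IFree IUse% Mounted on
/dev/md1             262144  18432 243712    8% /
/dev/mapper/vg00-var 500000 500000      0  100% /var
tmpfs                     0      0      0     - /run/user/0
"""
SAMPLE_LOG = """\
2018/06/01 14:47:40 ossec-analysisd: ERROR: Invalid integrity message in the database.
2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.
2018/06/01 14:47:45 ossec-syscheckd: INFO: Constructed informational line.
2018/06/01 14:48:02 ossec-dbd: ERROR: Constructed error line.
"""
# timestamp, daemon, optional "(id)" (assumed, not shown in the thread), level, text
LOG_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ([\w-]+)(?:\(\d+\))?: "
                    r"(ERROR|CRITICAL): (.*)$")

def full_filesystems(df_text, threshold=90):
    """Return [(mount, percent)] for df -h / df -i rows at or above threshold."""
    hits = []
    for row in df_text.splitlines()[1:]:              # skip the header row
        cols = row.split()
        pct = cols[-2].rstrip("%") if len(cols) >= 6 else ""
        if pct.isdigit() and int(pct) >= threshold:   # "-" means not reported
            hits.append((cols[-1], int(pct)))
    return hits

def summarize_errors(lines):
    """Collapse repeats: {(daemon, message): [count, first_seen, last_seen]}."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                                  # INFO lines, partial lines
        ts, daemon, _level, msg = m.groups()
        entry = seen.setdefault((daemon, msg), [0, ts, ts])
        entry[0] += 1
        entry[2] = ts
    return seen

if __name__ == "__main__":
    print("filesystems at/over 90%:", full_filesystems(SAMPLE_DF))
    for (daemon, msg), (n, first, last) in summarize_errors(SAMPLE_LOG.splitlines()).items():
        print(f"{n:5d}x {daemon}: {msg} [{first} .. {last}]")
```

On a live system, pass it the text of `df -h` and `df -i` and the lines of /var/ossec/logs/ossec.log in place of the constructed samples.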


 Post subject: Re: ASL Web Errors
Posted: Sat Jun 09, 2018 7:05 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Just being a squeaky wheel here... the ossec.log is still largely full of the "Invalid integrity..." message..

Ideas..??


 Post subject: Re: ASL Web Errors
Posted: Sat Jun 16, 2018 6:52 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Hi, Well it appears that ossec has shut down again.. same messages when I opened up ASL web interface today..

Oh and I did a restart of ossec and then refreshed the interface.. Messages were at first gone, but a few minutes later they appeared again.

Any ideas on how to fix this ???

Thanks..


 Post subject: Re: ASL Web Errors
Posted: Sat Jun 16, 2018 7:29 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Some additional notes as I followed the docs on this...

https://wiki.atomicorp.com/wiki/index.p ... ds_restart

1) ASL not up to date... UPDATE_TYPE = "all"
2) MySQL problems.. I did a table analysis and it returned that all tables are "OK". Since all the tables in tortix are InnoDB tables, most of the instructions in the docs do not apply, or so is my understanding. There is the problem with the message in the ossec log "ossec-analysisd: ERROR: Invalid integrity message in the database." which I still don't understand.
3) OSSEC_ENABLED = "yes"
4) Since restarting ossec does not return any errors... I don't think this applies..??
5,6,7,8,9) The MySQL database seems to be working fine for all other applications.. so I don't know if any of these might be relevant..??

Any other ideas or am I misunderstanding something critical??


 Post subject: Re: ASL Web Errors
Posted: Mon Jun 18, 2018 6:28 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Just noticed some new error messages...

(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request
(9999) ASLValidate::validate_asl - Bad/incomplete data from request


 Post subject: Re: ASL Web Errors
Posted: Thu Jun 21, 2018 3:14 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Hm... I'm thinking that these "bad request" errors are coming from my trying to delete the whitelist entries.. I notice that they don't always disappear from the interface right away so I might be sending delete requests that have already been deleted..??? Make sense?


 Post subject: Re: ASL Web Errors
Posted: Thu Jun 21, 2018 4:02 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4088
Location: Chantilly, VA
That just means the system was temporarily unable to connect to the update servers. You can ignore it.

_________________
Michael Shinn
Atomicorp - Security For Everyone


 Post subject: Re: ASL Web Errors
Posted: Thu Jun 21, 2018 4:47 pm
Forum User

Joined: Thu Mar 09, 2017 7:26 pm
Posts: 30
Location: California
Thanks, makes sense...

But...

Why am I continually getting the:

(502) ASLW::_test_ossec - An OSSEC component is not running:....
and..
2018/06/01 14:47:41 ossec-analysisd: ERROR: Invalid integrity message in the database.

errors...???


 Post subject: Re: ASL Web Errors
Posted: Thu Jun 21, 2018 5:01 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4088
Location: Chantilly, VA
Quote:
(502) ASLW::_test_ossec - An OSSEC component is not running:....


What errors do you see in

/var/ossec/logs/ossec.log

_________________
Michael Shinn
Atomicorp - Security For Everyone

