From: David W. <dw...@ad...> - 2009-09-24 23:46:51
OK so I'm poking around a little bit more and I try this:
idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED {} \;
/var/lib/mysql/ib_logfile0
/var/lib/mysql/ossim/event.MYD
/var/lib/mysql/ossim/log_action.MYI
/var/lib/mysql/ossim/log_action.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYI
/var/lib/mysql/ossim/event_tmp.MYD
/var/lib/mysql/ibdata1
So I check that table and I see:
mysql> select * from sensor_agent_info;
+-----------------+---------+
| ip              | version |
+-----------------+---------+
| OLD_IP_REDACTED | 2.1     |
| NEW_IP_REDACTED | 2.1     |
+-----------------+---------+
2 rows in set (0.01 sec)
The sensor should be listening on 127.0.0.1, no?
Why is my old IP still in there, and does it do anything?
Can I get the server to be more verbose?
-Dave
________________________________
From: David Wilson [mailto:dw...@ad...]
Sent: Thursday, September 24, 2009 3:11 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001
I did use the OSSIM cd to install Debian and OSSIM.
This is what I see in the log:
2009-09-24 15:04:44 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:04:44 OSSIM-Debug: Starting OSSIM server debug with process id: 32328
2009-09-24 15:04:44 OSSIM-Debug: sim_container_db_load_plugins_ul OOOO
2009-09-24 15:04:46 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:06:17 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:06:18 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:06:41 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:06:42 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
2009-09-24 15:09:19 OSSIM-Message: Starting OSSIM Server engine. Version: 2.1.4-2
2009-09-24 15:09:20 OSSIM-Message: Please be patient; This will take a while. Depending on your plugin_sid list and your system, may be some minutes...
The message repeats every 2 minutes.
idsmanager:~# netstat -anp | grep 4000
tcp        0      0 127.0.0.1:40003         0.0.0.0:*               LISTEN      30568/python
I have run an strace on the server and it doesn't seem to be attempting
to open the socket.
This doesn't work:
strace -s4096 -f -o ~/strace.out ossim-server -D6 -i 127.0.0.1 -p 40001 &
This doesn't work:
/etc/init.d/ossim-server stop
/etc/init.d/ossim-server start
Any hints would be appreciated.
-Dave
-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...]
Sent: Tuesday, September 22, 2009 6:19 PM
To: David Wilson; os-...@li...
Subject: RE: [Os-sim-support] New reply to Re: OSSIM-server not
listening on port 40001 by gsporter
Is something else running on that port?
Did you install OSSIM via the ISO?
Nick
OCSA, OCSE
-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/22/2009 6:10 PM
To: os-...@li...
Subject: Re: [Os-sim-support] New reply to Re: OSSIM-server not
listening on port 40001 by gsporter
Did that. No love.
-dave
________________________________
From: fo...@al... [mailto:fo...@al...]
Sent: Tuesday, September 22, 2009 3:48 PM
To: David Wilson
Subject: New reply to Re: OSSIM-server not listening on port 40001 by
gsporter
Subject: Re: OSSIM-server not listening on port 40001
Author: gsporter
Date: Tue, 22 September 2009 17:47
I would start by running ossim-setup
ossim#ossim-setup
1st going thru the profile (option 2)
2nd run the update (option 4)
3rd run Apply and Save (option 5)
Check and see if the framework is listening
netstat -apn | grep LISTEN |grep 40001
Check and see if the framework daemon is listening
netstat -apn | grep LISTEN |grep 40003
killall ossim-framework; ossim-framework -v
then
killall ossim-framework; ossim-framework -d
and rerun the checks.
GP