Re: [Sguil-users] squil 0.8, ERROR: unable to set certificate file file /etc/nsm/server1/certs/sgu
Status: Beta
Brought to you by:
bamm
From: Stefan S. <Ste...@fe...> - 2011-02-27 09:34:09
|
Bam, and i get this on the sensor side Sensor Data Rcvd: Sending sguild (sock5) PING Socket sock5 closed Attempting to reconnect. Connected to 192.168.1.78 Sending sguild (sock5) RegisterAgent sancp Serrig-DMZ DMZ_Net_Serrig Sensor Data Rcvd: AgentInfo Serrig-DMZ sancp DMZ_Net_Serrig 5 0 Error: error renaming "couldn't open "/nsm/sensor_data/Serrig-DMZ/sancp/stats.br1.1298776057": too many open files": no such file or directory error renaming "couldn't open "/nsm/sensor_data/Serrig-DMZ/sancp/stats.br1.1298776057": too many open files": no such file or directory while executing "file rename $newFiles FAILED-$newFiles " (procedure "CheckForSancpFiles" line 24) invoked from within "CheckForSancpFiles" ("after" script) I think i switch back to V 0.7 Stefan Von: Stefan Sabolowitsch [mailto:Ste...@fe...] Gesendet: Sonntag, 27. Februar 2011 09:15 An: sgu...@li... Betreff: [Sguil-users] squil 0.8, ERROR: unable to set certificate file file /etc/nsm/server1/certs/sguild.pem: Too many open files Hi Bamm, thank you for squil 0.8 I get this error Message after some time. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- pid(2332) ERROR: unable to set certificate file /etc/nsm/server1/certs/sguild.pem: Too many open files Error: can not find channel named "sock13" can not find channel named "sock13" while executing "flush $pcapSocketID" (procedure "GetRawDataFromSensor" line 18) invoked from within "GetRawDataFromSensor $TRANS_ID $sensor $sensorID $timestamp $srcIP $srcPort $dstIP $dstPort 6 $rawDataFileName xscript" (procedure "XscriptRequest" line 26) invoked from within "XscriptRequest sock14 Serrig-intern 3 .serrig-intern_1477 {2011-02-26 21:58:42} 192.168.1.48 3389 192.168.50.15 49929 0" ("eval" body line 1) invoked from within "eval $clientCmd $socketID [lrange $data 1 end] " ("XscriptRequest" arm line 1) invoked from within "switch -exact $clientCmd { DeleteEventIDList { $clientCmd $socketID [lindex $data 1] [lindex $data 2] [lindex $data 3] } EventHistoryR..." (procedure "ClientCmdRcvd" line 46) invoked from within "ClientCmdRcvd sock14" SGUILD: killing child procs... SGUILD: Exiting... #-#-#-#-#-#-#-#-#-#-#-#-#-##-#-#-#-#-# Possibly an idea? PS: I noticed that there is not the option switch "-u" any longer (sguil start with nsmnow) . |