Nothing returned (or search expired)

120 views
Skip to first unread message

vi...@acpl.com

unread,
Dec 24, 2015, 4:25:26 AM12/24/15
to ossec-list
Hi,

We have installed OSSEC-WUI but when we search log level 7 then we are greeting error "Total alerts found: Nothing returned (or search expired)". Can someone help to fix the issue.

Regards
Vipin Hooda

dan (ddp)

unread,
Dec 24, 2015, 8:15:51 AM12/24/15
to ossec...@googlegroups.com
Are there any level 7 alerts in alerts.log?
Are there any PHP errors that might explain this?

> Regards
> Vipin Hooda
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Vipin Hooda

unread,
Dec 25, 2015, 7:13:10 AM12/25/15
to ossec...@googlegroups.com
Hi Dan,

Yes we have log level 7 alerts in OSSEC-WUI but I do not know from where I can find PHP error details. So kindly guide.


Regards
Vipin Hooda
You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/RSn2zhXabEs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.

theresa mic-snare

unread,
Dec 27, 2015, 11:42:57 AM12/27/15
to ossec-list
Hi Vipin,

out of curiosity, do you have SELinux enabled?
Do you have it set to enforcing?

best,
theresa

Vipin Hooda

unread,
Dec 27, 2015, 10:57:51 PM12/27/15
to ossec...@googlegroups.com

Hi Theresa,

 

Selinux is in disabled mode.

 

 

Regards

Vipin Hooda

theresa mic-snare

unread,
Dec 28, 2015, 10:04:03 AM12/28/15
to ossec-list
Hi Vipin,

ok, does the tmp directory exist inside your ossec installation?
this directory should belong to root:apache or whatever your group for the webserver user is called....

I had this problem a while ago too, and I think this was my issue along with some missing SELinux permissions...

what does the webserver logs say?

best,
theresa

dan (ddp)

unread,
Dec 28, 2015, 10:44:07 AM12/28/15
to ossec...@googlegroups.com
On Fri, Dec 25, 2015 at 7:12 AM, Vipin Hooda <vi...@acpl.com> wrote:
> Hi Dan,
>
> Yes we have log level 7 alerts in OSSEC-WUI but I do not know from where I can find PHP error details. So kindly guide.
>

I believe it will be in your webserver's error log.

theresa mic-snare

unread,
Dec 28, 2015, 11:27:53 AM12/28/15
to ossec-list
yeah, check your webserver logs if you see something like this

Warning: opendir(/var/ossec/etc/ossec.conf) [function.opendir]: failed to open dir: Permission denied in /var/www/ossec-wui/lib/os_lib_handle.php on line 94

Vipin Hooda

unread,
Dec 31, 2015, 6:02:56 AM12/31/15
to ossec...@googlegroups.com

Hi Dan,

 

I have checked logs but there is no such error. Kindly suggest .

 

 

Regards

Vipin Hooda

Lead Architect - Information Security

ACPL Systems Pvt. Ltd.

M : +91-9582596577 | vi...@acpl.com

cid:C0F1767D-E858-4B3E-856B-7EA74DDC1A2E

image001.jpg

dan (ddp)

unread,
Dec 31, 2015, 8:02:28 AM12/31/15
to ossec...@googlegroups.com
On Thu, Dec 31, 2015 at 6:02 AM, Vipin Hooda <vi...@acpl.com> wrote:
>
> Hi Dan,
>
>
>
> I have checked logs but there is no such error. Kindly suggest .
>
>


If there aren't some timeout errors, or permission errors, I don't
really have any ideas. I don't use WUI, it's unmaintained and less
useful than most other log systems.

>
>
>
> Regards
>
> Vipin Hooda
>
> Lead Architect - Information Security
>
> ACPL Systems Pvt. Ltd.
>
> M : +91-9582596577 | vi...@acpl.com
>
>
>
Reply all
Reply to author
Forward
0 new messages