Re: [security-onion] snort-1 (alert data) stale PID file found process will be restarted at the next 5-minute interval!


Heine Lysemose

Apr 16, 2013, 2:03:28 PM
to securit...@googlegroups.com
Hi

You could try to look for traces in /var/log/nsm/$SERVERNAME-$INTERFACE/snortu-*.log

Regards,
Lysemose


On Tue, Apr 16, 2013 at 7:15 PM, Kevin Severs <kdse...@gmail.com> wrote:
Hey Guys,

I just installed SO in an Ubuntu 12.04 VM (server) and on a new server (sensor).

I ran the command: 'sudo service nsm status' and received errors in my snort (alert data) services.

snort-1 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-2 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-3 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-4 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-5 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-6 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]
snort-7 (alert data) [ OK ]
snort-8 (alert data) stale PID file found process will be restarted at the next 5-minute interval! [ FAIL ]

For some reason 1-6 and 8 failed, but 7 was fine.

Any help in troubleshooting this would be greatly appreciated.



Doug Burks

Apr 17, 2013, 4:57:42 PM
to securit...@googlegroups.com
Hi Kevin,

I'm not sure why you wouldn't have any log files anymore.

Have you tried restarting the services?
sudo service nsm restart

Please send the output of the following (redacting sensitive info as necessary):
sudo sostat

Thanks,
Doug

On Wed, Apr 17, 2013 at 9:16 AM, Kevin S. <kdse...@gmail.com> wrote:
> Yesterday I looked through the logs and noticed that it was a simple syntax error in my rules file that was causing it. This morning I ran 'sudo service nsm status' again and snort (alert data) 1-5 and 7-8 are failing and I don't have any log files in my interface's directory.
--
Doug Burks
http://securityonion.blogspot.com