Another "stale PID file found, process will be restarted at the next 5-minute interval!"


Jeffery Palmer

Jun 19, 2018, 9:48:42 AM
to security-onion
I have a sensor that randomly will state that there is a stale PID file found when running "sudo service nsm status". I thought that it might be due to a bad pf_ring, but when I try to update it I get that it isn't possible; it cannot be downloaded. I am assuming that this is because I am on a private network. My PF-Ring ver is 6.6.0 and I have a total of 2 rings. I have included the sostat-redacted for this particular sensor for assistance.
sensor sostat redacted.txt

Wes Lambert

Jun 20, 2018, 8:05:07 AM
to securit...@googlegroups.com
Hi Jeffrey,

You'll want to try checking the log(s) in /var/log/nsm/hostname-interface/snortu-x.log for clues.

Thanks,
Wes


--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.



Jeffery Palmer

Jun 22, 2018, 9:44:07 AM
to security-onion
Is there a way to pull the snortu-x.log redacted as well? I am currently just trying to remove specific details.

Wes Lambert

Jun 23, 2018, 9:54:08 AM
to securit...@googlegroups.com
Jeffrey,

There is no way to redact the snortu-x log, other than manually.  You really just need to check the last few lines of the file, to see if Snort is complaining about anything.

Thanks,
Wes


Jeffery Palmer

Jun 26, 2018, 8:49:12 AM
to security-onion
Wes,

Sorry for the delayed response. I was able to take out the information pertaining to my network. The error seems to be happening while going through my BPF file, but the weird thing about that is that the file has run successfully before. So, that leads me to wonder if it worked at all before and we just didn't catch it, or if it actually was working as intended and there is some underlying issue that I cannot figure out. If there is anything that anyone sees that we could possibly change to better configure the servers, please let me know. I am always willing to make my systems run better by making any necessary changes.

V/R
Jeff
redacted_snortu-2.log
redacted_snortu-1.log