nsm.service not found

Joseph

Aug 9, 2018, 11:48:10
– security-onion
I haven't logged into SO for a few days. It was all working perfectly. Today I ran sudo service nsm status on both the server / sensor. Both 'Failed to restart nsm.service: Unit nsm.service not found.'

I also receive:
nsm.service
Loaded: not-found (reason: no such file or directory)
Active: inactive (dead)

I can't understand how these directories and services had such a big failure. The system has just been running / collecting for a week. There's been no interruption to my knowledge, but maybe that's incorrect. It looks like my only option is a full reinstallation.

Steven J

Aug 9, 2018, 11:57:27
– securit...@googlegroups.com
Presuming you've updated, instead of sudo service nsm status try sudo so-status.

Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2


--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

Joseph

Aug 9, 2018, 11:59:38
– security-onion
I see that 5 days ago /var/log/nsm/pcap_agent.log.xxxx started failing to connect to the master on port 7736.

Steven J

Aug 9, 2018, 12:01:44
– securit...@googlegroups.com
When you run sudo so-status, is the netsniff_ng service still running?

Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2

On Thu, Aug 9, 2018 at 11:59 AM, Joseph <jc5...@gmail.com> wrote:
I see that 5 days ago /var/log/nsm/pcap_agent.log.xxxx started failing to connect to the master on port 7736.

Joseph

Aug 9, 2018, 12:41:38
– security-onion
so-status: everything is OK on mast/sens
netsniff-ng.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
-fails on both mast/sens

Joseph

Aug 9, 2018, 12:55:34
– security-onion
I looked at a log: /var/log/nsm/netsniff-sync.log, each day's entry is the same.
The msg looks fine, but wanted to cite it for this investigation:
Mon Jul UTC Time is 00:00, so skipping check for netsniff date since /etc/cron.d/sensor-newday should be restarting it anyway.

Joseph

Aug 9, 2018, 13:34:17
– security-onion
/var/log/error shows pam_kwallet.so /lib/security/pam_kwallet.so: no such file or directory
/var/log/syslog looks ok.
netstat: ssh is established with master, port 4506 4505 time wait
ping ok

Steven J

Aug 9, 2018, 13:58:08
– securit...@googlegroups.com
https://github.com/Security-Onion-Solutions/security-onion/wiki/Help

Are you able to manually restart the netsniff_ng service?
sudo nsm_sensor_ps-restart --only-pcap

Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2

Joseph

Aug 9, 2018, 14:03:55
– security-onion
Yes, I can. I can't start nsm.service, not found. I didn't see it in its directory. I guess this is just trashed and I'll have to reinstall. idk how this would be missing though.

Joseph

Aug 9, 2018, 14:05:25
– security-onion
I could 'del nsm all'
and then rerun config.

Wes Lambert

Aug 9, 2018, 14:05:27
– securit...@googlegroups.com
Joseph, 


The NSM service is not configured for newer installs.

You'll want to keep in mind, we created wrapper scripts for many commands, such as so-status (to view status of all services).

Please try the following:

sudo so-status

Also see:


Thanks,
Wes

On Thu, Aug 9, 2018 at 1:58 PM Steven J <s...@lyricalsecurity.com> wrote:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Help

Are you able to manually restart the netsniff_ng service?
sudo nsm_sensor_ps-restart --only-pcap

Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2

On Thu, Aug 9, 2018 at 1:34 PM, Joseph <jc5...@gmail.com> wrote:
/var/log/error shows pam_kwallet.so /lib/security/pam_kwallet.so: no such file or directory
/var/log/syslog looks ok.
netstat: ssh is established with master, port 4506 4505 time wait
ping ok


Wes Lambert

Aug 9, 2018, 14:06:18
– securit...@googlegroups.com
You can, however, still use the old nsm_server and nsm_sensor scripts (or sudo so-sensor-start|etc or so-sguild-start|etc)

Thanks,
Wes
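
An added example, not part of the original thread or of Security Onion's own scripts: a shell check that separates "no unit by that name exists" (the Loaded: not-found result quoted above) from a unit that exists but is stopped or failed, so a missing nsm.service is not read as a broken sensor. The function names and sample strings are hypothetical and constructed here; it parses the Key=Value lines printed by systemctl show.

```shell
#!/usr/bin/env bash
# Added example: classify a unit from `systemctl show` output.
# Function names and sample text are constructed for illustration.

# Extract one property (e.g. LoadState) from "Key=Value" lines.
# $1 = property name, $2 = text printed by `systemctl show`
unit_prop() {
    printf '%s\n' "$2" |
        awk -F= -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# Map LoadState/ActiveState to a triage verdict.
# $1 = text of `systemctl show -p LoadState -p ActiveState UNIT`
classify_unit() {
    cu_load=$(unit_prop LoadState "$1")
    cu_active=$(unit_prop ActiveState "$1")
    case "$cu_load:$cu_active" in
        not-found:*)   echo "no-such-unit" ;;  # nothing registered under this name
        loaded:active) echo "running" ;;
        loaded:failed) echo "failed" ;;
        loaded:*)      echo "stopped" ;;
        *)             echo "unknown" ;;
    esac
}

# Suggest the next step; so-status is the wrapper named in the thread.
next_step() {
    case "$(classify_unit "$1")" in
        no-such-unit) echo "unit not installed; check services with: sudo so-status" ;;
        failed)       echo "unit exists but failed; read its journal and logs" ;;
        stopped)      echo "unit exists but is not running" ;;
        running)      echo "unit is running" ;;
        *)            echo "could not determine unit state" ;;
    esac
}

# Live query for a unit name; prints "unknown" where systemctl is absent.
check_unit() {
    command -v systemctl >/dev/null 2>&1 || { echo "unknown"; return 0; }
    classify_unit "$(systemctl show -p LoadState -p ActiveState "$1" 2>/dev/null)"
}

# Constructed samples of `systemctl show` output for the two cases.
SAMPLE_MISSING='LoadState=not-found
ActiveState=inactive'
SAMPLE_FAILED='LoadState=loaded
ActiveState=failed'
```
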

Joseph

Aug 15, 2018, 11:07:01
– security-onion
Can I recompile the nsm service files? I did nsm_del_all and reran setup. I have the same problem with:
nsm.service
Loaded: file or directory not found
Active: inactive (dead)

This is confusing because the system was perfect, I was away for a week, and came back. I'm not sure what could have happened, but don't want to get the client to plug in the media so I can reinstall the OS. Any thoughts?

Wes Lambert

Aug 16, 2018, 07:55:13
– securit...@googlegroups.com
Hi Joseph,

At this point I would recommend re-installing from the ISO to start from a clean slate.

Thanks,
Wes
