nsm.service not found
1,394 views
Skip to first unread message
Joseph
Aug 9, 2018, 11:48:10 AM8/9/18
to security-onion
I haven't logged into SO for a few days. It was all working perfect. Today I ran sudo service nsm status on both the server / sensor. Both 'Failed to restart nsm.service: Unit nsm.service not found.'
I also receive:
nsm.service
Loaded: not-found (reason: no such file or directory)
Active: inactive (dead)
I can't understand how these directories and services had such a big failure. The system has just been running / collecting for a week. There's been no interruption to my knowledge, but maybe that's incorrect. It looks like my only option is a full reinstallation.
Steven J
Aug 9, 2018, 11:57:27 AM8/9/18
to securit...@googlegroups.com
Presuming you've updated, instead of sudo service nsm status try sudo so-status.
Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Joseph
Aug 9, 2018, 11:59:38 AM8/9/18
to security-onion
I see that 5 days ago /var/log/nsm/pcap_agent.log.xxxx started failing to connect to the master on port 7736.
Steven J
Aug 9, 2018, 12:01:44 PM8/9/18
to securit...@googlegroups.com
When you run sudo so-status, is the netsniff_ng service still running?
Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
On Thu, Aug 9, 2018 at 11:59 AM, Joseph <jc5...@gmail.com> wrote:
I see that 5 days ago /var/log/nsm/pcap_agent.log.xxxx started failing to connect to the master on port 7736.
Joseph
Aug 9, 2018, 12:41:38 PM8/9/18
to security-onion
so-status: everything is OK on mast/sens
netsniff-ng.service
Loaded: not-found (Rason: No such file or directory)
Active: inactive (dead)
-fails on both mast/sens
netsniff-ng.service
Loaded: not-found (Rason: No such file or directory)
Active: inactive (dead)
-fails on both mast/sens
Joseph
Aug 9, 2018, 12:55:34 PM8/9/18
to security-onion
I looked at a log: /var/log/nsm/netsniff-sync.log , each day's entry is same.
The msg looks fine, but wanted to site it for this investigation:
Mon Jul UTC Time is 00:00, so skipping check for netsniff date since /etc/cron.d/sensor-newday should be restarting it anyway.
The msg looks fine, but wanted to site it for this investigation:
Mon Jul UTC Time is 00:00, so skipping check for netsniff date since /etc/cron.d/sensor-newday should be restarting it anyway.
Joseph
Aug 9, 2018, 1:34:17 PM8/9/18
to security-onion
/var/log/error shows pam_kwallet.so /lib/security/pam_kwallet.so: no such file or directory
/var/log/syslog looks ok.
netstat: ssh is established with master, port 4506 4505 time wait
ping ok
/var/log/syslog looks ok.
netstat: ssh is established with master, port 4506 4505 time wait
ping ok
Steven J
Aug 9, 2018, 1:58:08 PM8/9/18
to securit...@googlegroups.com
https://github.com/Security-Onion-Solutions/security-onion/wiki/Help
Are you able to manually restart the netsniff_ng service?
sudo nsm_sensor_ps-restart --only-pcap
Are you able to manually restart the netsniff_ng service?
sudo nsm_sensor_ps-restart --only-pcap
Steven Malm
Roc-Analyst I
Lyrical Security
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
Joseph
Aug 9, 2018, 2:03:55 PM8/9/18
to security-onion
Yes I can. i can't start nsm.service , not found. i didn't see it in its directory. i guess this is just trashed and i'll have to reinstall. idk how this would be missing though.
Joseph
Aug 9, 2018, 2:05:25 PM8/9/18
to security-onion
I could 'del nsm all'
and then rerun config.
and then rerun config.
Wes Lambert
Aug 9, 2018, 2:05:27 PM8/9/18
to securit...@googlegroups.com
Joseph,
The NSM service is not configured for newer installs.
You'll want to keep in mind, we created wrapper scripts for many commands, such as so-status (to view status of all services).
Please try the following:
sudo so-status
Also see:
Thanks,
Wes
On Thu, Aug 9, 2018 at 1:58 PM Steven J <s...@lyricalsecurity.com> wrote:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Help
Are you able to manually restart the netsniff_ng service?
sudo nsm_sensor_ps-restart --only-pcap
Steven MalmRoc-Analyst ILyrical Security174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
On Thu, Aug 9, 2018 at 1:34 PM, Joseph <jc5...@gmail.com> wrote:
/var/log/error shows pam_kwallet.so /lib/security/pam_kwallet.so: no such file or directory
/var/log/syslog looks ok.
netstat: ssh is established with master, port 4506 4505 time wait
ping ok
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Wes Lambert
Aug 9, 2018, 2:06:18 PM8/9/18
to securit...@googlegroups.com
You can, however, still use the old nsm_server and nsm_sensor scripts (or sudo so-sensor-start|etc or so-sguild-start|etc)
Thanks,
Wes
Joseph
Aug 15, 2018, 11:07:01 AM8/15/18
to security-onion
Can I recompile the nsm service files? I did nsm_del_all. and reran set up. i have the same problem with:
nsm.service
Loaded: file or directory not found
Active: inactive (dead)
nsm.service
Loaded: file or directory not found
Active: inactive (dead)
This is confusing because the system was perfect, i was away for a week, and came back. I'm not sure what could have happened, but don't want to get the client to plug in the media so I can reinstall the OS. any thoughts?
Wes Lambert
Aug 16, 2018, 7:55:13 AM8/16/18
to securit...@googlegroups.com
Hi Joseph,
At this point I would recommend re-installing from the ISO to start from a clean slate.
Thanks,
Wes
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages