After updating OSSIM, the ossim-agent starts and then stops. No logs are parsed, and both /var/log/ossim/agent.log and /var/log/ossim/agent_error.log are empty or contain only old information. Listing the processes shows that the agent is not running.
When the agent is started manually using
/usr/bin/ossim-agent -v
the following error is logged:
OSError: [Errno 2] No such file or directory: '/etc/ossim/agent/host_cache_pro.dic'
The /etc/ossim/agent directory contains no host_cache_pro.dic file, but it does contain a host_cache.dic.
To fix this, rename host_cache.dic to host_cache.dic.old and restart the ossim-agent:
cd /etc/ossim/agent
mv host_cache.dic host_cache.dic.old
/etc/init.d/ossim-agent restart
The agent should now start, write to agent.log, and begin processing.
Filed under: Alienvault OSSIM, Security, SIEM