[Oisf-users] Suricata / Snorby Events errors

Amrith Z amrith at hotmail.fr
Tue Jan 3 14:41:21 UTC 2012


Thx

The delayed_job process is running, but by launching the script I have an error regarding Java:

NOTE: Gem.source_index is deprecated, use Specification. It will be removed on or after 2011-11-01.
Gem.source_index called from /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/shared_helpers.rb:3.
NOTE: Gem.source_index is deprecated, use Specification. It will be removed on or after 2011-11-01.
Gem.source_index called from /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/source.rb:162.
NOTE: Gem::SourceIndex#each is deprecated with no replacement. It will be removed on or after 2011-11-01.
Gem::SourceIndex#each called from /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/source.rb:162.
NOTE: Gem.source_index is deprecated, use Specification. It will be removed on or after 2011-11-01.
Gem.source_index called from /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/shared_helpers.rb:84.
Jammit Warning: Asset compression disabled -- Java unavailable.
DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/var/www/snorby/vendor/cache/ruby/1.9.1/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new')
ERROR: there is already one or more instance(s) of the program running

If the problem is that I don't have any Java installed, why was everything working before ?

Thx again.

> From: shirkdog at gmail.com
> Date: Tue, 3 Jan 2012 08:28:06 -0500
> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
> To: victor at inliniac.net
> CC: amrith at hotmail.fr; oisf-users at openinfosecfoundation.org
> 
> This should not be a problem in the latest Snorby, but for earlier
> versions I made a cronjob check for whether the delayed job was
> running and started it. The following was the script I called from the
> cronjob every */5 minutes. The ruby script is required to be run in the
> Snorby directory (change that to wherever you installed it).
> 
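> #!/bin/sh
> 
> # Local fixes for Snorby with Apache
> #
> # The [d] bracket keeps grep from matching its own entry in the ps output.
> TEST=`ps aux | grep '[d]elayed_job'`
> 
> # Start the worker only when no delayed_job process was found.
> if [ -z "$TEST" ]
> then
>         cd /usr/local/www/Snorby || exit 1
>         /usr/local/bin/ruby script/delayed_job start
> fi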
> 
> ---
> Shirkdog
> Free your Mind...
> http://www.shirkdog.us
> 
> 
> 
> On Tue, Jan 3, 2012 at 6:47 AM, Victor Julien <victor at inliniac.net> wrote:
> > Can you check if it is still running? Or restart it to see if that makes
> > the events flow again?
> >
> > On 01/03/2012 12:41 PM, Amrith Z wrote:
> >>
> >> Hi,
> >>
> >> Yes, barnyard2 is also running. But maybe not the way it has to ?
> >>
> >> Thx
> >>
> >>> Date: Tue, 3 Jan 2012 12:38:58 +0100
> >>> From: victor at inliniac.net
> >>> To: oisf-users at openinfosecfoundation.org
> >>> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
> >>>
> >>> On 01/03/2012 12:14 PM, Amrith Z wrote:
> >>>>
> >>>> Hi All,
> >>>>
> >>>> I'm running Suricata with Snorby. The problem I have has already happened to me several times, and might come from Snorby, and not Suricata. What is happening is that by running Suricata, I do not see any alerts in the Events list of Snorby anymore.
> >>>> I see an alert in Snorby in the "Worker & Job Queue" section saying "Warning : the sensor cache job is not running". Nothing seems to change when I restart it with the interface. I found the /etc/init.d/worker script, but it doesn't work.
> >>>>
> >>>> Any ideas ?
> >>>
> >>> I assume you have barnyard2 running as well in this setup. Can you check
> >>> if it is still running? Or restart it to see if that makes the events
> >>> flow again?
> >>>
> >>> --
> >>> ---------------------------------------------
> >>> Victor Julien
> >>> http://www.inliniac.net/
> >>> PGP: http://www.inliniac.net/victorjulien.asc
> >>> ---------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Oisf-users mailing list
> >>> Oisf-users at openinfosecfoundation.org
> >>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >>
> >
> >
> > --
> > ---------------------------------------------
> > Victor Julien
> > http://www.inliniac.net/
> > PGP: http://www.inliniac.net/victorjulien.asc
> > ---------------------------------------------