[Oisf-users] Suricata / Snorby Events errors

Shirkdog shirkdog at gmail.com
Tue Jan 3 14:48:47 UTC 2012


The java errors should be fine, but this is a snorby issue and not suricata.

Check out snorby mailing list, http://groups.google.com/group/snorby
and the #snorby chatroom on freenode to get support there.

---
Shirkdog
Free your Mind...
http://www.shirkdog.us



On Tue, Jan 3, 2012 at 9:41 AM, Amrith Z <amrith at hotmail.fr> wrote:
> Thx
>
> The delayed_job process is running, but by launching the script I have an
> error regarding java :
>
> NOTE: Gem.source_index is deprecated, use Specification. It will be removed
> on or after 2011-11-01.
> Gem.source_index called from
> /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/shared_helpers.rb:3.
> NOTE: Gem.source_index is deprecated, use Specification. It will be removed
> on or after 2011-11-01.
> Gem.source_index called from
> /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/source.rb:162.
> NOTE: Gem::SourceIndex#each is deprecated with no replacement. It will be
> removed on or after 2011-11-01.
> Gem::SourceIndex#each called from
> /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/source.rb:162.
> NOTE: Gem.source_index is deprecated, use Specification. It will be removed
> on or after 2011-11-01.
> Gem.source_index called from
> /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.0.10/lib/bundler/shared_helpers.rb:84.
> Jammit Warning: Asset compression disabled -- Java unavailable.
> DataObjects::URI.new with arguments is deprecated, use a Hash of URI
> components
> (/var/www/snorby/vendor/cache/ruby/1.9.1/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in
> `new')
> ERROR: there is already one or more instance(s) of the program running
>
> If the problem is that I don't have any Java installed, why was everything
> working before ?
>
> Thx again.
>
>> From: shirkdog at gmail.com
>> Date: Tue, 3 Jan 2012 08:28:06 -0500
>> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
>> To: victor at inliniac.net
>> CC: amrith at hotmail.fr; oisf-users at openinfosecfoundation.org
>>
>> This should not be a problem in the latest Snorby, but for earlier
>> versions I made a cronjob check for whether the delayed job was
>> running and started it. The following was the script I called from the
>> cronjob every */5 minutes. The ruby script is required to be run in the
>> Snorby directory (change that to wherever you installed it).
>>
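>> #!/bin/sh
>>
>> # Local fixes for Snorby with Apache
>> #
>> # The [d] bracket keeps grep from matching its own command line.
>> TEST=`ps aux | grep '[d]elayed_job'`
>>
>> # Start the worker only when no delayed_job process was found.
>> if [ -z "$TEST" ]
>> then
>>     cd /usr/local/www/Snorby || exit 1
>>     /usr/local/bin/ruby script/delayed_job start
>> fi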
>>
>> ---
>> Shirkdog
>> Free your Mind...
>> http://www.shirkdog.us
>>
>>
>>
>> On Tue, Jan 3, 2012 at 6:47 AM, Victor Julien <victor at inliniac.net> wrote:
>> > Can you check if it is still running? Or restart it to see if that makes
>> > the events flow again?
>> >
>> > On 01/03/2012 12:41 PM, Amrith Z wrote:
>> >>
>> >> Hi,
>> >>
>> >> Yes, barnyard2 is also running. But maybe not the way it has to ?
>> >>
>> >> Thx
>> >>
>> >>> Date: Tue, 3 Jan 2012 12:38:58 +0100
>> >>> From: victor at inliniac.net
>> >>> To: oisf-users at openinfosecfoundation.org
>> >>> Subject: Re: [Oisf-users] Suricata / Snorby Events errors
>> >>>
>> >>> On 01/03/2012 12:14 PM, Amrith Z wrote:
>> >>>>
>> >>>> Hi All,
>> >>>>
>> >>>> I'm running Suricata with Snorby. The problem I have has already
>> >>>> happened to me several times, and might come from Snorby, and not Suricata.
>> >>>> What is happening is that by running Suricata, I do not see any alerts in
>> >>>> the Events list of Snorby anymore.
>> >>>> I see an alert in Snorby in the "Worker & Job Queue" section saying
>> >>>> "Warning : the sensor cache job is not running". Nothing seems to change
>> >>>> when I restart it with the interface. I found the /etc/init.d/worker script,
>> >>>> but it doesn't work.
>> >>>>
>> >>>> Any ideas ?
>> >>>
>> >>> I assume you have barnyard2 running as well in this setup. Can you check
>> >>> if it is still running? Or restart it to see if that makes the events
>> >>> flow again?
>> >>>
>> >>> --
>> >>> ---------------------------------------------
>> >>> Victor Julien
>> >>> http://www.inliniac.net/
>> >>> PGP: http://www.inliniac.net/victorjulien.asc
>> >>> ---------------------------------------------
>> >>>
>> >>> _______________________________________________
>> >>> Oisf-users mailing list
>> >>> Oisf-users at openinfosecfoundation.org
>> >>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >>
>> >
>> >
>> > --
>> > ---------------------------------------------
>> > Victor Julien
>> > http://www.inliniac.net/
>> > PGP: http://www.inliniac.net/victorjulien.asc
>> > ---------------------------------------------
>> >
>> > _______________________________________________
>> > Oisf-users mailing list
>> > Oisf-users at openinfosecfoundation.org
>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
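
A pid-file variant of the cron check described in the thread above, as an added example that is not part of the original messages or Snorby's own code. The pid file location, the `RUBY` variable and the `--run` switch are assumptions; it tells a live worker apart from a leftover pid file and reports each restart.

```shell
#!/bin/sh
# Added example: cron watchdog for the Snorby delayed_job worker.
# Run it as the user that owns the worker (kill -0 needs permission to signal).

SNORBY_DIR="${SNORBY_DIR:-/usr/local/www/Snorby}"   # install path used in the thread
PID_FILE="${PID_FILE:-$SNORBY_DIR/tmp/pids/delayed_job.pid}"  # assumed location
RUBY="${RUBY:-/usr/local/bin/ruby}"

# worker_state FILE: print "running", "stale" (pid file without a live
# process) or "stopped" (no pid file at all).
worker_state() {
    pid_file=$1
    [ -f "$pid_file" ] || { echo stopped; return 0; }
    pid=$(tr -cd '0-9' < "$pid_file")      # keep digits only
    [ -n "$pid" ] || { echo stale; return 0; }
    if kill -0 "$pid" 2>/dev/null; then    # signal 0 only probes for existence
        echo running
    else
        echo stale
    fi
}

# ensure_worker: start the worker unless a live one exists. Every restart is
# reported on stderr so cron mails it; a restart means the worker had stopped.
ensure_worker() {
    state=$(worker_state "$PID_FILE")
    [ "$state" = running ] && return 0
    echo "$(date -u '+%Y-%m-%dT%H:%M:%SZ') delayed_job $state, starting it" >&2
    cd "$SNORBY_DIR" || return 1
    "$RUBY" script/delayed_job start
}

# Hypothetical switch: the cron entry calls this file with --run.
if [ "${1:-}" = "--run" ]; then
    ensure_worker
fi
```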


