4.1 iso Errno 111 - Connection Refused

dwebber23

I received the error in the title after installing and updating a 4.1 iso.  Is this the same issue as http://forums.alienvault.com/discussion/560/ossim-4-1-ossim-server-would-not-start-after-upgrade-to-4-1#latest?

Not sure where to verify because "Your Systen us down" message is displayed in System Configurations and log files such as server.err are not in the ossim directory.

dwebber23

further investigation of the var/log/ossim/av_web_steward.log file shows "ERROR AVWEBSTEWARD_ERROR: [Errno 111] Connection refused"

Is there a resolution to this?  I'm running 2012 Hyper-v.

Thanks, Duane

cpconstantine

be a bit more specific.. where do you get the error from? connecting to the web UI ?

dwebber23

I can login to the web interface.  When I go to Deployment -> AlienValut Components, the status for the sensor is down; on the top of the screen is: "Warning: Communication Failed Reason: [Errno 111] Connection refused".

This appears to be related to the error in the av_web_steward.log.

Also, "the System is down" message is appearing in the Systems Configuration.

I appreciate you looking into.

Duane

dwebber23

is there any update on the error?

Thanks, Duane

Mike

Hi what helps if you manually restart ossim-server component:
/etc/init.d/ossim-server restart

derDuffy

you can also check whether your services are running and listening on the right port

netstat -putan | grep LISTEN | grep <port>

where <port> is the corresponding port
40001 for the server
40002 for the idm-server
40003 for the framework
3306 for the database

I sometimes saw the error in the agent.log if the server was down :)

dwebber23

Mike, the issue still remains after a restart.

derDuffy,  the server, idm-server, and framework were not listening.  I ran ossim-reconfig but it did not correct the issue.   I then started each individually and the Errno 111 is now gone; however, the server is still down - "Your system is down..." is displayed on the 'System Configuration' page.

a.  What other services are needed to bring the system up and fully running?
b.  How can this be fixed during boot?

Thanks for your help.

Duane

derDuffy

What do the server logs say ? I guess we need more information to fix this.

Maybe there is a problem with the database during ossim-server start. You can try a "ossim-repair-tables".

dwebber23

ossim-repair-tables did not work.

which logs should I look at?  Since the services are not starting after boot, there is no information in server.log, frameworkd.log, and frameword_error.log.

Thanks, Duane

dwebber23

I should note, after boot, netstat -puntan | grep LISTEN lists on the following:

  80 apache2
  443 apache2
  3306 mysqld

Duane

derDuffy

You  could tail -f /var/log/ossim/server.log in one console session and start the service in a second. You should then see what the server is doing and what keeps it from starting

dwebber23

the server starts but not on boot.  Starting ossim-server, ossim-framework, and alienvault-idm via command line (mysqld already started) still results in "Your system is down..." in the System Configuration of the AlienVault web interface.

tail -f /var/log/server.log shows 1 repeating result:

     OSSIM-Message: Events in DB: 0; Discarded events: 0

are there other log that would show why services are not starting upon boot?

Thanks, Duane

derDuffy

You can enable debugging

Get the process pid of you server: ps aux | grep ossim-server

And then do a kill -47 <processid>

That brings the osism-server into debugging mode.

For the client you could change it in /etc/ossim/agent/config.cfg and change verbose=info -> verbose=debug