
Diagnosing an OSSIM System with a Single Command

Time: 2015-08-30 23:32:15      Views: 368      Comments: 0      Favorites: 0

Tags: ossim

alienvault-doctor is a very practical health-check script for OSSIM systems. Below is what it reports when run against a system with known faults:


VirtualUSMAllInOne:~# alienvault-doctor
AlienVault Doctor version 4.13.0 (Hemingway)
     AlienVault version:                                     4.13.0
     Installed profiles:           Server,Database,Framework,Sensor
     Operating system:                                        Linux
     Hardware platform:                                      x86_64
     Hostname:                                   VirtualUSMAllInOne

Hmmm, let the Doctor have a look at you...

[Warning] Could not evaluate " "Can't retrieve sensor list: Error while querying for 'Sensor' systems: (OperationalError) (2003, "Can't connect to MySQL server on '127.0.0.1' (111)") None None" ==""" in check "Celery workers": invalid syntax (<string>, line 1)

...

Hooray! The Doctor has diagnosed you, check out the results...

     Plugin ansiblemgr_log.plg didn't run: Cannot parse file "/var/log/alienvault/api/ansiblemgr.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/ansiblemgr.log'
     Plugin: connection_no
          [*] Connections: Number of connections between server, mysql and/or IDM not expected
              Word of advice: Connections to the AlienVault subsystems vary between a well defined range. Please check where the extra connections come from
     Plugin: disk_usage
          [*] root partition critical: All good
          [*] root partition warning: All good
     Plugin mysql_history didn't run: Cannot parse file "/root/.mysql_history": [Errno 2] No such file or directory: '/root/.mysql_history'
     Plugin: netstat
          [*] RX and TX queues: ossim server, agent or mysql may have problems with their rx/tx queues
              Word of advice: RX/TX queues are network buffers. Large queues may point to network problems. Please check your network connection and hardware
     Plugin gunicorn_access_log didn't run: Cannot parse file "/var/log/alienvault/api/gunicorn_access.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/gunicorn_access.log'
     Plugin: corrupt_tables
          [*] Corrupted tables: All good
     Plugin: installed_pkg
          [*] Default packages: Some packages do not match default installation
              Word of advice: AlienVault systems are designed to work with a well defined set of packages. Adding or deleting packages manually is not supported and may lead to unexpected results
          [*] Version compliance: Some package versions do not match with the installed AlienVault version
              Word of advice: AlienVault packages are built and tested to work in a version consistent fashion. Inconsistent versions across different AlienVault packages could lead to unexpected issues.
     Plugin superdoctor didn't run: Required file "/usr/sbin/sdt" does not exist
     Plugin: percona_logrotate
          [*] signatures: All good
          [*] mysql.err: mysql.err is not on the logrotate configuration
              Word of advice: The mysql.err file may become too large and should be rotated properly. Please check your logrotate configuration
          [*] mysql.log: All good
     Plugin: celerybeat_log.plg
          [*] Celerybeat process: All good
     Plugin gunicorn_log didn't run: Cannot parse file "/var/log/alienvault/api/gunicorn.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/gunicorn.log'
     Plugin chassis didn't run: Required module "ipmi_devintf" is not present
     Plugin: celeryworker_log.plg
          [*] Celery workers: Celery is not working properly
              Word of advice: Celery is the task manager of choice in AlienVault. Workers reporting errors may suggest that your queues or custom tasks are not working properly.
     Plugin: processes
          [*] Server: All good
          [*] Indexer: All good
          [*] MySQL: All good
     Plugin: api_log
          [*] Number of connection attempts to RabbitMQ: All good
     Plugin bash_history didn't run: Cannot parse file "/root/.bash_history": [Errno 2] No such file or directory: '/root/.bash_history'
     Plugin: pkg_checksum
          [*] ossim_checks: All good
     Plugin: server_log
          [*] IDM connection recovery: All good
          [*] Remote server connection recovery: All good
     Plugin: network_interface
          [*] Collisions: All good
          [*] RX/TX errors: All good
          [*] MTU: All good
     Plugin: default_hw
          [*] Default hardware: All good
     Plugin: schema_version
          [*] Schema version: All good
     Plugin: null_fields
          [*] Event sensor field: Some events in your database have null sensor_id fields
              Word of advice: Events without an associated sensor_id are a sign of misconfigured plugins and/or sensor properties. Please check both in your system
          [*] Server DB configuration: All good
     Plugin vm_requirements didn't run: Memory requirement is not met

Next, we use the items highlighted in red above (the checks that did not report "All good") to troubleshoot each fault in a targeted way.
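Reading a long report like this by eye is error-prone, and on a non-colour terminal the "red" items are not highlighted at all. The script below is an added example (it is not part of the original post and not part of alienvault-doctor itself): it parses the plain-text report format shown above, keeping only the line shapes seen there ("Plugin: name", "[*] check: result", "Word of advice: ...", and "Plugin name didn't run: reason"), and separates real findings from passed checks and from plugins that merely could not run. Everything else is assumed: the embedded SAMPLE_REPORT is an excerpt of the output above with the quote characters normalised (the parser accepts either quote style on the "didn't run" lines), and the field and function names are the example's own.

```python
# Added example: triage alienvault-doctor output. Not part of alienvault-doctor
# or of the original post; it only understands the line shapes seen in the
# report above ("Plugin:", "[*] check: result", "Word of advice:",
# "Plugin X didn't run: reason").
import re
import sys
from dataclasses import dataclass, field

# Excerpt of the report above, embedded so the script runs offline.
SAMPLE_REPORT = """\
     Plugin ansiblemgr_log.plg didn't run: Cannot parse file "/var/log/alienvault/api/ansiblemgr.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/ansiblemgr.log'
     Plugin: connection_no
          [*] Connections: Number of connections between server, mysql and/or IDM not expected
              Word of advice: Connections to the AlienVault subsystems vary between a well defined range. Please check where the extra connections come from
     Plugin: disk_usage
          [*] root partition critical: All good
          [*] root partition warning: All good
     Plugin: installed_pkg
          [*] Default packages: Some packages do not match default installation
              Word of advice: AlienVault systems are designed to work with a well defined set of packages. Adding or deleting packages manually is not supported and may lead to unexpected results
          [*] Version compliance: Some package versions do not match with the installed AlienVault version
              Word of advice: AlienVault packages are built and tested to work in a version consistent fashion. Inconsistent versions across different AlienVault packages could lead to unexpected issues.
     Plugin superdoctor didn't run: Required file "/usr/sbin/sdt" does not exist
     Plugin: null_fields
          [*] Event sensor field: Some events in your database have null sensor_id fields
              Word of advice: Events without an associated sensor_id are a sign of misconfigured plugins and/or sensor properties. Please check both in your system
          [*] Server DB configuration: All good
     Plugin vm_requirements didn't run: Memory requirement is not met
"""


@dataclass
class Finding:
    plugin: str
    check: str
    message: str
    advice: str = ""


@dataclass
class Report:
    findings: list = field(default_factory=list)   # checks whose result is not "All good"
    passed: list = field(default_factory=list)     # (plugin, check) pairs that reported "All good"
    skipped: dict = field(default_factory=dict)    # plugin name -> reason it did not run


PLUGIN_RE = re.compile(r"^\s*Plugin:\s+(\S+)\s*$")
SKIPPED_RE = re.compile(r"^\s*Plugin\s+(\S+)\s+didn.t run:\s*(.*)$")  # '.' tolerates ' or curly quote
CHECK_RE = re.compile(r"^\s*\[\*\]\s+(.*?):\s+(.*)$")
ADVICE_RE = re.compile(r"^\s*Word of advice:\s*(.*)$")


def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking the current plugin so each
    check and its advice line are attributed to the right plugin."""
    report = Report()
    plugin = None
    last = None  # most recent Finding, so a following advice line attaches to it
    for line in text.splitlines():
        m = SKIPPED_RE.match(line)
        if m:
            report.skipped[m.group(1)] = m.group(2).strip()
            plugin, last = None, None
            continue
        m = PLUGIN_RE.match(line)
        if m:
            plugin, last = m.group(1), None
            continue
        m = CHECK_RE.match(line)
        if m and plugin:
            check, message = m.group(1), m.group(2).strip()
            if message == "All good":
                report.passed.append((plugin, check))
                last = None
            else:
                last = Finding(plugin, check, message)
                report.findings.append(last)
            continue
        m = ADVICE_RE.match(line)
        if m and last is not None:
            last.advice = m.group(1).strip()
    return report


def summarize(report: Report) -> str:
    """Render only what needs attention: findings first, then plugins that could
    not run (usually a missing log file or hardware module rather than a fault)."""
    out = [f"{len(report.findings)} finding(s), {len(report.passed)} check(s) passed, "
           f"{len(report.skipped)} plugin(s) did not run"]
    for f in report.findings:
        out.append(f"[{f.plugin}] {f.check}: {f.message}")
        if f.advice:
            out.append(f"    advice: {f.advice}")
    for name, reason in report.skipped.items():
        out.append(f"[skipped] {name}: {reason}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: alienvault-doctor > report.txt; python triage.py report.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print(summarize(parse_report(text)))
```

Keeping the "didn't run" plugins in a separate bucket matters for triage: in the report above most of them fail because a log file such as /var/log/alienvault/api/gunicorn.log is absent or a hardware module like ipmi_devintf is not loaded, which is worth knowing but is a different class of problem from a check that actually failed.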

This article is from the blog "李晨光原创技术博客" (Li Chenguang's original technical blog); please keep this source link: http://chenguang.blog.51cto.com/350944/1689915
