
TOPIC: Trisul service issues

Trisul service issues 11 years 5 months ago #910

Before uninstalling, is there a way to resolve this:

Tue Nov 6 15:02:52 2012.751766 DEBUG Transfer ownership : Already transferred /usr/local/var/lib/trisul/CONTEXT0/run/system.stats
Tue Nov 6 15:02:52 2012.751971 INFO Drop Privilege : Dropped down to user : sguil
Tue Nov 6 15:02:52 2012.753395 INFO Now running as user = sguil group = sguil
Tue Nov 6 15:02:52 2012.753441 INFO Trisul Server process id (pid) = 1930
Tue Nov 6 15:02:52 2012.753488 INFO Checking Redis unixsock /usr/local/var/lib/trisul/CONTEXT0/run/redis_socket
Tue Nov 6 15:02:52 2012.753585 INFO Redis isnt reachable on/usr/local/var/lib/trisul/CONTEXT0/run/redis_socket
Tue Nov 6 15:02:52 2012.753608 INFO Starting redis with config file /usr/local/etc/trisul/redis.conf
Tue Nov 6 15:02:54 2012.754240 INFO Started redis, retrying connect 1
Tue Nov 6 15:02:54 2012.754336 INFO Checking Redis unixsock /usr/local/var/lib/trisul/CONTEXT0/run/redis_socket
Tue Nov 6 15:02:54 2012.754411 INFO Redis isnt reachable on/usr/local/var/lib/trisul/CONTEXT0/run/redis_socket
Tue Nov 6 15:02:54 2012.754440 INFO Starting redis with config file /usr/local/etc/trisul/redis.conf
Tue Nov 6 15:02:56 2012.754939 INFO Started redis, retrying connect 2
Tue Nov 6 15:02:56 2012.755039 FATAL Unable to bring up redis after 2 attempts
Tue Nov 6 15:02:56 2012.755066 INFO Disable Redis in trisulConfig.xml and restart
Tue Nov 6 15:02:56 2012.755090 FATAL Redis support requested (<Redis><Enabled> param in config) but cant start
Tue Nov 6 15:02:56 2012.755240 INFO GLOBALFLUSH : at 12-31-1969 23:59:59--00001
Tue Nov 6 15:02:56 2012.756472 INFO Reusing newly inited slice - via cleanenv
Tue Nov 6 15:02:56 2012.756604 DEBUG Launching 2 flusher threads

I changed the following:

<Redis>
<UnixSocket>/usr/local/var/lib/trisul/CONTEXT0/run/redis.socket</UnixSocket>

Now I am getting this output:

Tue Nov 6 16:09:30 2012.281955 DEBUG Transfer ownership : Already transferred /usr/local/var/lib/trisul/CONTEXT0/run/system.stats
Tue Nov 6 16:09:30 2012.282095 INFO Drop Privilege : Dropped down to user : sguil
Tue Nov 6 16:09:30 2012.283127 INFO Now running as user = sguil group = sguil
Tue Nov 6 16:09:30 2012.283157 INFO Trisul Server process id (pid) = 6134
Tue Nov 6 16:09:30 2012.283180 INFO Checking Redis unixsock /usr/local/var/lib/trisul/CONTEXT0/run/redis.socket
Tue Nov 6 16:09:30 2012.283402 INFO Redis ping successful on /usr/local/var/lib/trisul/CONTEXT0/run/redis.socket
Tue Nov 6 16:09:30 2012.283537 INFO Redis OK on /usr/local/etc/trisul/redis.conf
Tue Nov 6 16:09:30 2012.284184 INFO TRP Server : Starting
Tue Nov 6 16:09:30 2012.284493 INFO Creating SSL/TLS Context (allowed certs & server key)
Tue Nov 6 16:09:30 2012.286712 DEBUG IDS: Enabled = TRUE
Tue Nov 6 16:09:30 2012.286761 DEBUG IDS: If enabled read snort unix socket = /nsm/sensor_data/cfd-sosensor1-eth2/barnyard2_alert
Tue Nov 6 16:09:30 2012.286879 INFO FilterSnortUnsock[Setup]: Entering IDS Listener Loop
Tue Nov 6 16:09:30 2012.286911 INFO FilterSnortUnsock[Setup]: Created unix domain socket
Tue Nov 6 16:09:30 2012.286960 ERROR FilterSnortUnsock[Setup]: Unable to bind to unix domain socket : [perms?]/nsm/sensor_data/cfd-sosensor1-eth2/barnyard2_alert
Tue Nov 6 16:09:30 2012.287137 ERROR FilterUnified2Unsock[()]: Error receiving from unix domian socket /nsm/sensor_data/cfd-sosensor1-eth2/barnyard2_alert Code = -1
Tue Nov 6 16:09:30 2012.287177 DEBUG trisul:alertpipe:FilterMsg[Stats] : 0

Tue Nov 6 16:09:30 2012.287196 DEBUG FilterSnortUnsock[Stats] Alerts = 0

From /nsm/sensor_data/cfd-sosensor1-eth2/barnyard2_alert/log/thin.log

> Writing PID to /usr/local/share/webtrisul/tmp/thin.wsock.pid
>> Thin web server (v1.2.11 codename Bat-Shit Crazy)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3003, CTRL+C to stop
>> Stopping ...
>> Exiting!
>> Writing PID to /usr/local/share/webtrisul/tmp/thin.wsock.pid
>> Thin web server (v1.2.11 codename Bat-Shit Crazy)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3003, CTRL+C to stop
>> Stopping ...
>> Exiting!
>> Writing PID to /usr/local/share/webtrisul/tmp/thin.wsock.pid
>> Thin web server (v1.2.11 codename Bat-Shit Crazy)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3003, CTRL+C to stop
>> Stopping ...
>> Exiting!

When I run ps -C trisul, it appears for only a few seconds.
Last Edit: 11 years 5 months ago by jakepp.
The administrator has disabled public write access.

Trisul service issues 11 years 5 months ago #911

Hi,

I am running Security Onion based on Ubuntu 10.04.4

Thanks.

Trisul service issues 11 years 5 months ago #949

  • Security onion user
Check /usr/local/etc/trisul/redis.conf: it is STILL pointing to /usr/local/var/lib/trisul/CONTEXT0/run/redis_socket, which will NOT work since Trisul is looking in /nsm/trisul_data/lib/trisul/CONTEXT0/. Change all the dirs to point to /nsm/trisul_data/... instead of /usr/local/var/... and it should start working.
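
The consistency check suggested in the reply above, as an added example that is not part of the original thread or of Trisul's own tooling: it compares the unixsocket directive in redis.conf with the <Redis><UnixSocket> value in trisulConfig.xml and optionally flags sockets outside an expected data root. The sample file contents and the TrisulConfiguration root element are constructed assumptions; the paths are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET


def redis_conf_socket(conf_text):
    """Return the last active `unixsocket` path in redis.conf text, or None."""
    path = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        parts = line.split(None, 1)
        if parts[0].lower() == "unixsocket" and len(parts) == 2:
            path = parts[1].strip().strip('"')
    return path


def trisul_socket(xml_text):
    """Return the <Redis><UnixSocket> value from trisulConfig.xml text, or None."""
    node = ET.fromstring(xml_text).find(".//Redis/UnixSocket")
    return node.text.strip() if node is not None and node.text else None


def check(conf_text, xml_text, data_root=None):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    server, client = redis_conf_socket(conf_text), trisul_socket(xml_text)
    if server is None:
        findings.append("redis.conf has no unixsocket directive")
    if client is None:
        findings.append("trisulConfig.xml has no <Redis><UnixSocket>")
    if server and client and server != client:
        findings.append(f"socket mismatch: redis.conf={server} trisulConfig.xml={client}")
    for name, p in (("redis.conf", server), ("trisulConfig.xml", client)):
        if data_root and p and not p.startswith(data_root.rstrip("/") + "/"):
            findings.append(f"{name} socket is outside {data_root}: {p}")
    return findings


# Constructed sample inputs; root element name is an assumption.
REDIS_CONF = """# constructed sample
unixsocket /usr/local/var/lib/trisul/CONTEXT0/run/redis_socket
"""
TRISUL_XML = """<TrisulConfiguration><Redis><Enabled>TRUE</Enabled>
<UnixSocket>/usr/local/var/lib/trisul/CONTEXT0/run/redis.socket</UnixSocket>
</Redis></TrisulConfiguration>"""

if __name__ == "__main__":
    for finding in check(REDIS_CONF, TRISUL_XML, data_root="/nsm/trisul_data"):
        print(finding)
```

On a real sensor, pass the contents of /usr/local/etc/trisul/redis.conf and trisulConfig.xml instead of the constructed strings.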