Documentation Center
AlienVault® USM Appliance™

Known Issue: Using "networks" in Search Domain Breaks Update

Reported Version: 5.2.4
Fixed Version 5.4.3
Deployment: All deployments
AlienVault Ticket ID ENG-103702

Description

In AlienVault USM Appliance, if you set the search domain to a certain value that contains "networks", it can break system update or package installation. For example, if a company's name has "networks" in it, such as Networks Solutions, and the search domain is set to networksolutionstest.com, some packages' postinstall scripts like alienvault-suricata and alienvault-prads can break system update. Similar settings can be shown below:

Network settings dialog in USM

The postinst scripts for alienvault-suricata and alienvault-prads grep for "networks". If you use the word "networks" in the search domain name field it will break the postinstall configure script for the mentioned packages.

The error can be showed in the last update log located in /var/log/alienvault/update:

Update log error in USM

Workaround

To prevent this issue, remove the word "networks" in the search domain name field in the network domain settings.