Documentation Center
AlienVault® USM Appliance™

Known Issue: NIDS/HIDS/PRADS Does Not Start If ASEC Is Enabled

Reported Version: 5.4
Fixed Version 5.6
Deployment: All deployments
AlienVault Ticket ID ENG-105802

Description

After upgrading to USM Appliance version 5.4, some customers noticed that NIDS or PRADS stopped working and there were no AlienVault NIDS events displaying.

Workaround

AlienVault has reproduced this behavior internally and identified that this is because ASEC was enabled in ossim_setup. Disabling ASEC and running alienvault-reconfig resolves the issue.

To check and disable asec

  1. Connect to the AlienVault Console through SSH and use your credentials to log in.

    The AlienVault Setup menu displays.

  2. On the AlienVault Setup main menu, select Jailbreak System to gain command line access.

    Select Yes when prompted. You will be in the root directory.

  3. Using a text editor of your choice, open /etc/ossim/ossim_setup.conf.
  4. Locate the asec setting under the [sensor] section:

    asec=no

  5. If your file shows asec=yes, change it to asec=no and save the file.
  6. Restart all services for changes to apply:

    alienvault-reconfig -c -v -d