
Evaluating AlienVault OSSIM v4 - problems

pokopoko

Entry Level
I have now been evaluating AV OSSIM v4 for a few days, and I am running into weird issues and design.


First, why is the system disk ext3 with Ordered journaling with the default install? There is nothing to win with journaling here unless you plan to crash often. Mounting with writeback cut our IOwait by half, mounting as ext2 gained around 5% still. Basically the same thing with MyISAM vs. InnoDB. This is not a performance issue our testbed can't handle currently, but might be if and when we scale out.


Second, the header of the webUI sucks up resources well beyond sane limits and a lot of the time it doesn't even work. I don't know what it is doing as I have neither time nor interest to delve into layers of what seems mostly uncommented PHP. What I do know is it should fetch the number of Open Tickets and Unresolved Alarms from the database. There is something broken in the algorithm, might be because of the constant database pruning? Or the MySQL errors in #4?

/var/log/apache2/error.log:
<-----cut------>
[Wed Sep 05 11:38:20 2012] [error] [client x.x.x.x] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /usr/share/php/adodb/adodb.inc.php on line 4044, referer: https://<hostname>/ossim/header.php
[Wed Sep 05 11:38:20 2012] [error] [client x.x.x.x] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /usr/share/php/adodb/adodb.inc.php on line 4044, referer: https://<hostname>/ossim/header.php
zend_mm_heap corrupted
[Wed Sep 05 11:38:20 2012] [notice] child pid 19583 exit signal Segmentation fault (11)
<-----cut------>


This discussion has been closed.