• Support
  • Forums
  • Blogs

Cannot add Sensor to Server

Spencer5657Spencer5657

Entry Level
Hi, i have setup the OSSIM server 4.7.0 and run all updates, I have then setup a secondary machine as a sensor and updated that as well.

When I go to the web interface of the server and then to the deployment/sensors the system tells me the sensor is there, when i try to add it putting in the sensors root password i just keep getting an error message saying "Error adding sensor, please check the system is reachable and the password is correct" i know the password is correct as i can login to the console on the sensor using it!

am a bit stumped as to what to try next?

grateful for any advice
Tagged:

Share post:

Answers

  • same here with lab installation for testin 4.8.0
  • Log in on the framework machine and jailbreak it, then ssh to the sensor. The point is to see if the sensor is reachable from the frameworks point of view.
  • yes it is reacheble beacuse it is on same subnet.
  • When I tried adding sensor, I had this message in kern.log, or "dmesg | grep ssh"

    [ 4973.490377] sshpass[25285]: segfault at 0 ip 00007f6a5a355682 sp 00007fff2d417a40 error 4 in libc-2.11.3.so[7f6a5a2b4000+159000]
  • Did everybody here have this kind of error running virtual machines?

    I read somes bugs about "error 4 in libc-2-11.3.so" and most of them are related with hardware.
  • I had this problem but when I jailbroke and ssh'd in I got the key store prompt. Stored the key and then everything worked fine.
  • edited July 2014
    I had this problem but when I jailbroke and ssh'd in I got the key store prompt. Stored the key and then everything worked fine.
    Do you have this on VM's or physical appliances?

    I just add the keys and the problem persists. (by ssh-copy-id, I can logging each other fine).
  • edited July 2014
    Maybe it has to do with ssh reverse lookup on the host... If so, you might want to try to get your dns setup straight, if you still don't have them properly configured in your corporate DNS servers, or if you're using public dns forwarders (like 8.8.8.8), try to properly configure your "/etc/hosts" file, so that reverse resolution works fine. Just get your siem server and sensors properly described in there.
  • It could be, we haven't corporate DNS server. I added nodes each other in /etc/hosts/ and doesn't work, in the kern.log shows the same.

    The only way that I had, was copying the configurations, and integrate them into a new USM since 4.8 version (available in download tab), but I didn't remove the old machine to try fix it.
  • I had this problem but when I jailbroke and ssh'd in I got the key store prompt. Stored the key and then everything worked fine.


    Do you have this on VM's or physical appliances?

    I just add the keys and the problem persists. (by ssh-copy-id, I can logging each other fine).
    I have an AWS and an EXSi.



This discussion has been closed.