• Support
  • Forums
  • Blogs

Alarms not being generated

xeeker4368xeeker4368

New Life Form
Some of the built in rules are giving me a risk level of 1, but not generating alarms.  Does anyone have any thoughts or any ideas on where to investigate this issue?
Tagged:

Share post:

Best Answer

Answers

  • Where do you see them having the risk level of 1? Do you have any policy that may affect/cause this?
  • For this particular alarm, its around an out of date version of java being installed.

    I can see the snort event, and a directive event.  The directive event raises the risk to 1.

    Currently we don't have any policies or other directives that would affect it, no.  Very limited number of policies running right now.
  • Well that is strange. All directive events with risk 1 or above should generate alarms. 

    Have the alarms been closed? Or can you reliably recreate this? 
  • Yes I can re-create it and no, no alarm was closed on it....none was even opened.
  • No alarms were ever opened? Please check your database error log and see if there is a message similar to the following:






    ERROR 145 (HY000) at line 2970: Table './mysql/proc' is marked as crashed and should be repaired

    If so, repair the table and restart ossim-server. Create the alarm again and see if it makes any difference.


  • /var/lib/mysql/<hostname>.err
Sign In or Register to comment.