It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In with OTX
Recent Answered Questions
AlienVault Labs: Threat Intelligence Updates
Updates & Upgrades
Server / Console
Configuring data sources
Data Source Plugins
Open Threat Exchange
IP Threat Details
AlienVault v4.15.1 is now available for USM and OSSIM.
Aw Snap! AlienVault Upgraded The Community Forums!
Click here to read about the details!
4.1 iso Errno 111 - Connection Refused
I received the error in the title after installing and updating a 4.1 iso. Is this the same issue as
Not sure where to verify because "Your Systen us down" message is displayed in System Configurations and log files such as server.err are not in the ossim directory.
further investigation of the var/log/ossim/av_web_steward.log file shows "ERROR AVWEBSTEWARD_ERROR: [Errno 111] Connection refused"
Is there a resolution to this? I'm running 2012 Hyper-v.
be a bit more specific.. where do you get the error from? connecting to the web UI ?
I can login to the web interface. When I go to Deployment -> AlienValut Components, the status for the sensor is down; on the top of the screen is: "Warning: Communication Failed Reason: [Errno 111] Connection refused".
This appears to be related to the error in the av_web_steward.log.
Also, "the System is down" message is appearing in the Systems Configuration.
I appreciate you looking into.
is there any update on the error?
Hi what helps if you manually restart ossim-server component:
edited December 2012
you can also check whether your services are running and listening on the right port
netstat -putan | grep LISTEN | grep <port>
where <port> is the corresponding port
40001 for the server
40002 for the idm-server
40003 for the framework
3306 for the database
I sometimes saw the error in the agent.log if the server was down :)
Mike, the issue still remains after a restart.
derDuffy, the server, idm-server, and framework were not listening. I ran ossim-reconfig but it did not correct the issue. I then started each individually and the Errno 111 is now gone; however, the server is still down - "Your system is down..." is displayed on the 'System Configuration' page.
a. What other services are needed to bring the system up and fully running?
b. How can this be fixed during boot?
Thanks for your help.
What do the server logs say ? I guess we need more information to fix this.
Maybe there is a problem with the database during ossim-server start. You can try a "ossim-repair-tables".
ossim-repair-tables did not work.
which logs should I look at? Since the services are not starting after boot, there is no information in server.log, frameworkd.log, and frameword_error.log.
I should note, after boot, netstat -puntan | grep LISTEN lists on the following:
You could tail -f /var/log/ossim/server.log in one console session and start the service in a second. You should then see what the server is doing and what keeps it from starting
the server starts but not on boot. Starting ossim-server, ossim-framework, and alienvault-idm via command line (mysqld already started) still results in "Your system is down..." in the System Configuration of the AlienVault web interface.
tail -f /var/log/server.log shows 1 repeating result:
OSSIM-Message: Events in DB: 0; Discarded events: 0
are there other log that would show why services are not starting upon boot?
You can enable debugging
Get the process pid of you server: ps aux | grep ossim-server
And then do a kill -47 <processid>
That brings the osism-server into debugging mode.
For the client you could change it in /etc/ossim/agent/config.cfg and change verbose=info -> verbose=debug
I have same kind of problem like when I clicked on Deployement->AlienVault Components showing message
[Errno 111] Connection refused"
please, run ossim-reconfig -c -v -d and check if you see some error in the log, when the ossim-reconfig has been finished, check if you have mysql running and check the AlienVault components in the web again
From the Blog
Feb 25, 2015
The 4 Es of Enterprise Security
Read More >
8:00 AM PST
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Register Now >
See All Events >
How It Works
SIEM & Log Management
PCI DSS Compliance
Open Threat Exchange
OSSIM & Other Projects
Who We Are
Board & Advisors
© Copyright 2015 AlienVault, Inc. |