• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

OSSIM agent plugins stop parsing logs


Space invader

We have an issue (ossim 5.3.7) when some plugins dont't success to parse a log. If a regex for any reason try to parse a wrong log, the plugin stops to process the log file. The only way is to restart ossim-agent.


Share post:


  • Hi,

    The exact issue is when a plugin parse a log and get a string sid instead of an integer, the plugin crashed and stop working.
    It's a major issue !  
  • @ol.batard Which plugin is causing the trouble? Also could you paste some log lines that you've detected are causing the issue as well as some valid log lines?

  • Hi, 

    Example with the netscreen-firewall.cfg.

    #   Generic rule
    [9999 - netscreen-firewall - Generic Rule]

    If $sid contains a string, the translation cannot be done. The plugin logs an erreur with the message "
  • @ol.batard That's highly unlikely, the translation function makes a lookup of strings into the translate sections, if no match is found, it goes for:

    # Default
    _DEFAULT_ = 20000000
  • Indeed. 

    Your mark the point ! 

    This option is very very important. Without, plugins stop parsing any logs if it cannot translate. 

  • Hum, unfortunately, my issue persists. 
    I didn't see any error in agent.log and server.log. 

    I have no idea anymore to troubleshoot.
Sign In or Register to comment.