OSSIM agent plugins stop parsing logs


We have an issue (ossim 5.3.7) where some plugins don't succeed in parsing a log. If a regex for any reason tries to parse a wrong log, the plugin stops processing the log file. The only way is to restart ossim-agent.


  • Hi,

    The exact issue is that when a plugin parses a log and gets a string sid instead of an integer, the plugin crashes and stops working.
    It's a major issue!
  • @ol.batard Which plugin is causing the trouble? Also could you paste some log lines that you've detected are causing the issue as well as some valid log lines?

  • Hi, 

    Example with the netscreen-firewall.cfg.

    #   Generic rule
    [9999 - netscreen-firewall - Generic Rule]

    If $sid contains a string, the translation cannot be done. The plugin logs an error with the message "
  • @ol.batard That's highly unlikely, the translation function makes a lookup of strings into the translate sections, if no match is found, it goes for:

    # Default
    _DEFAULT_ = 20000000
  • Indeed.

    You make the point!

    This option is very, very important. Without it, plugins stop parsing any logs if they cannot translate.

  • Hmm, unfortunately, my issue persists.
    I didn't see any errors in agent.log and server.log.

    I have no more ideas for troubleshooting.
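
An added example, not part of the thread and not ossim-agent's own code: a small check that flags plugin rules using `translate()` when the `[translation]` section has no `_DEFAULT_` entry, plus a simplified model of the lookup described above. The sample plugin text, its `Deny`/`Permit` entries and all function names are constructed for illustration; the `[translation]` section name and the `plugin_sid={translate($sid)}` form are assumed to match the plugin being checked.

```python
import configparser

# Constructed sample in the style of an OSSIM agent plugin .cfg; not the
# shipped netscreen-firewall.cfg. The _DEFAULT_ entry is commented out.
SAMPLE_CFG = r"""
[translation]
Deny = 1
Permit = 2
# _DEFAULT_ = 20000000

[9999 - netscreen-firewall - Generic Rule]
event_type=event
regexp=action=(?P<sid>\S+)
plugin_sid={translate($sid)}
"""

def load_plugin(text):
    """Parse plugin text without interpolation, keeping key case (_DEFAULT_)."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def translation_table(cp):
    """Return the [translation] entries as a dict (empty if the section is absent)."""
    return dict(cp.items("translation")) if cp.has_section("translation") else {}

def rules_without_fallback(cp):
    """Rule sections that call translate() while [translation] has no _DEFAULT_."""
    if "_DEFAULT_" in translation_table(cp):
        return []
    return [s for s in cp.sections()
            if s != "translation"
            and "translate(" in cp.get(s, "plugin_sid", fallback="")]

def resolve_sid(table, value):
    """Simplified model of the lookup: exact key first, then _DEFAULT_.
    Returns an int, or None when nothing yields an integer plugin_sid."""
    candidate = table.get(value, table.get("_DEFAULT_", value))
    try:
        return int(candidate)
    except ValueError:
        return None

if __name__ == "__main__":
    fixed = SAMPLE_CFG.replace("# _DEFAULT_", "_DEFAULT_")
    for label, text in (("no default", SAMPLE_CFG), ("with default", fixed)):
        cp = load_plugin(text)
        print(label, rules_without_fallback(cp),
              resolve_sid(translation_table(cp), "Tunnel"))
```
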
