• Support
  • Forums
  • Blogs

otx config in usm

idarlundidarlund

Big Time
+7
Hi,

My alienvault/ossim/#configuration/otx/otx is not working as expected. The loading bar does not go away. Has anyone else experienced the same problem or know how to fix it?

Screen Shot 2017-06-01 at 10.02.01

-Idar

Share post:

Answers

  • idarlund,

    Support has heard only one report of this, which was apparently resolved by switching browsers. We were unable to determine which browser the customer was using, however.

    If possible, could you let us known your browser type and version, and what OS you are using?

  • I see this error with chrome on both Windows and Mac. I tested with Microsoft Edge on Windows and the problem is in that browser also.

    I have an other installation (which is OSSIM) and that one works as it should.

    Is there a log file that i could check out to see what happens?
  • idarlund,

    I was able to generate this scenario on a system when I stopped rabbitmq-server from properly running.

    can you restart rabbit using:

    service rabbitmq-server restart

    and then check startup_log and startup_err in /var/log/rabbitmq/ for issues?
  • ==> /var/log/rabbitmq/alienvault@localhost.log <==
    =INFO REPORT==== 14-Jun-2017::09:26:49 ===
    Stopping RabbitMQ

    =INFO REPORT==== 14-Jun-2017::09:26:49 ===
    stopped TCP Listener on [::]:5672

    =ERROR REPORT==== 14-Jun-2017::09:26:50 ===
    AMQP connection <0.601.0> (running), channel 0 - error:
    {amqp_error,connection_forced,
                "broker forced connection closure with reason 'shutdown'",none}

    =ERROR REPORT==== 14-Jun-2017::09:26:50 ===
    AMQP connection <0.902.0> (running), channel 0 - error:
    {amqp_error,connection_forced,
                "broker forced connection closure with reason 'shutdown'",none}

    [..]

    =ERROR REPORT==== 14-Jun-2017::09:26:50 ===
    AMQP connection <0.679.0> (running), channel 0 - error:
    {amqp_error,connection_forced,
                "broker forced connection closure with reason 'shutdown'",none}

    ==> /var/log/rabbitmq/alienvault@localhost-sasl.log <==

    =SUPERVISOR REPORT==== 14-Jun-2017::09:26:50 ===
         Supervisor: {<0.715.0>,rabbit_channel_sup_sup}
         Context:    shutdown_error
         Reason:     shutdown
         Offender:   [{nb_children,1},
                      {name,channel_sup},
                      {mfargs,{rabbit_channel_sup,start_link,[]}},
                      {restart_type,temporary},
                      {shutdown,infinity},
                      {child_type,supervisor}]


    ==> /var/log/rabbitmq/alienvault@localhost.log <==

    =INFO REPORT==== 14-Jun-2017::09:26:51 ===
    Halting Erlang VM

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    Starting RabbitMQ 3.3.5 on Erlang 17
    Copyright (C) 2007-2014 GoPivotal, Inc.
    Licensed under the MPL.  See http://www.rabbitmq.com/

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    node           : alienvault@localhost
    home dir       : /var/lib/rabbitmq
    config file(s) : (none)
    cookie hash    : wRIuIseuZQ8z7zgoMJA35A==
    log            : /var/log/rabbitmq/alienvault@localhost.log
    sasl log       : /var/log/rabbitmq/alienvault@localhost-sasl.log
    database dir   : /var/lib/rabbitmq/mnesia/alienvault@localhost

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    Limiting to approx 999900 file handles (899908 sockets)

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    Memory limit set to 4794MB of 11985MB total.

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    Disk free limit set to 50MB

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    msg_store_transient: using rabbit_msg_store_ets_index to provide index

    =INFO REPORT==== 14-Jun-2017::09:26:59 ===
    msg_store_persistent: using rabbit_msg_store_ets_index to provide index

    =INFO REPORT==== 14-Jun-2017::09:27:00 ===
    started TCP Listener on [::]:5672

    =INFO REPORT==== 14-Jun-2017::09:27:00 ===
    Server startup complete; 0 plugins started.

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.243.0> (127.0.0.1:44862 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.249.0> (127.0.0.1:44863 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.263.0> (127.0.0.1:44864 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.267.0> (127.0.0.1:44865 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.281.0> (127.0.0.1:44866 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.285.0> (127.0.0.1:44867 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.289.0> (127.0.0.1:44868 -> 127.0.0.1:5672)

    =INFO REPORT==== 14-Jun-2017::09:27:03 ===
    accepting AMQP connection <0.298.0> (127.0.0.1:44869 -> 127.0.0.1:5672)

    And then every 3rd minute or so, these are coming;

    =INFO REPORT==== 14-Jun-2017::09:29:19 ===
    accepting AMQP connection <0.349.0> (127.0.0.1:44923 -> 127.0.0.1:5672)

    =WARNING REPORT==== 14-Jun-2017::09:29:19 ===
    closing AMQP connection <0.349.0> (127.0.0.1:44923 -> 127.0.0.1:5672):
    connection_closed_abruptly

    =INFO REPORT==== 14-Jun-2017::09:32:21 ===
    accepting AMQP connection <0.377.0> (127.0.0.1:45112 -> 127.0.0.1:5672)

    =WARNING REPORT==== 14-Jun-2017::09:32:21 ===
    closing AMQP connection <0.377.0> (127.0.0.1:45112 -> 127.0.0.1:5672):
    connection_closed_abruptly
  • idarlund,

    I think I have your issue. The trigger symptom, along with your other description is this:

    =INFO REPORT==== 14-Jun-2017::09:32:21 ===
    accepting AMQP connection <0.377.0> (127.0.0.1:45112 -> 127.0.0.1:5672)

    =WARNING REPORT==== 14-Jun-2017::09:32:21 ===
    closing AMQP connection <0.377.0> (127.0.0.1:45112 -> 127.0.0.1:5672):
    connection_closed_abruptly

    It looks like rabbitmq is not able to connect to the AMQP service due to a service issue with this. This service is a dependency for scheduled tasks, including checking pulses for updates. This is almost always due to a corrupted dets file.

    Please do the following:

    mv /var/lib/rabbitmq/mnesia/alienvault@localhost/recovery.dets /root/
    service rabbitmq-server restart
    ossim-reconfig -c -v -d

    You should see pulses load within the next 15 minutes. if so, then feel free to delete the recovery.dets file moved to /root/

    Unfortunately, if this is not the case, the only other option gets a lot trickier.
  • Thanks for your effort on this. I'm sorry, but I have to report that it didn't work. After moving the file /var/lib/rabbitmq/mnesia/alienvault@localhost/recovery.dets to /root/, restarting the rabbitmq and did a reconfig the file /var/lib/rabbitmq/mnesia/alienvault@localhost/recovery.dets and /root/recovery.dets were similar;
    alienvault:~# diff /var/lib/rabbitmq/mnesia/alienvault@localhost/recovery.dets /root/recovery.dets
    alienvault:~#

    I also checked the web-gui and the loading screen is still "loading".

    I guess i would need the more trickier option.
Sign In or Register to comment.