alienvault-doctor is a very useful diagnostic script for OSSIM systems. Here is what it reports when run on a faulty system:
virtualusmallinone:~# alienvault-doctor
AlienVault Doctor version 4.13.0 (Hemingway)
AlienVault version:4.13.0
Installed Profiles:server,database,framework,sensor
Operating System:linux
Hardware platform:x86_64
Hostname:virtualusmallinone
Hmmm, let the Doctor have a look at ...
[Warning] Could not evaluate "" Can't retrieve sensor list:error and querying for 'sensor' systems: (Operationalerror) (2003, "Can't connect to MySQL server on '127.0.0.1' (111)") none none" == "" in check "celery workers": Invalid Syntax (<string>, line 1)
...
Hooray! The Doctor has diagnosed you and check out the results ...
Plugin ansiblemgr_log.plg didn't run:cannot parse file "/var/log/alienvault/api/ansiblemgr.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/ansiblemgr.log'
Plugin:connection_no
[*] Connections:number of Connections between server, MySQL and/or IDM not expected
Word of Advice:connections to the AlienVault subsystems vary between a well defined range. Please check where the extra connections come from
Plugin:disk_usage
[*] Root partition Critical:all good
[*] Root partition Warning:all good
Plugin mysql_history didn't run:cannot parse file "/root/.mysql_history": [Errno 2] No such file or directory: '/root/.mysql_history'
Plugin:netstat
[*] RX and TX Queues:ossim server, agent or MySQL may have problems with their rx/tx queues
Word of Advice:RX/TX queues are network buffers. Large queues to network problems. Please check your network connection and hardware
Plugin Gunicorn_access_log didn't run:cannot parse file "/var/log/alienvault/api/gunicorn_access.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/gunicorn_access.log'
Plugin:corrupt_tables
[*] Corrupted Tables:all Good
Plugin:installed_pkg
[*] Default Packages:some packages do not match default installation
Word of Advice:alienvault Systems are designed to work with a well defined set of packages. Adding or deleting packages manually is not supported and may lead to unexpected results
[*] Version Compliance:some package versions don't match with the installed AlienVault version
Word of Advice:alienvault packages are built and tested to work in a version consistent fashion. Inconsistent versions across different AlienVault packages could lead to unexpected issues.
Plugin superdoctor didn't run:required file "/USR/SBIN/SDT" does not exist
Plugin:percona_logrotate
[*] Signatures:all good
[*] Mysql.err:mysql.err isn't on the logrotate configuration
Word of advice:the Mysql.err file may become too large and should be rotated properly. Please check your logrotate configuration
[*] Mysql.log:All good
Plugin:celerybeat_log.plg
[*] Celerybeat Process:all Good
Plugin gunicorn_log didn't run:cannot parse file "/var/log/alienvault/api/gunicorn.log": [Errno 2] No such file or directory: '/var/log/alienvault/api/gunicorn.log'
Plugin chassis didn't run:required module "ipmi_devintf" is not present
Plugin:celeryworker_log.plg
[*] Celery Workers:celery is not working properly
Word of Advice:celery is the task Manager of choice in AlienVault. Workers reporting errors may suggest that your queues or custom tasks are not working properly.
Plugin:processes
[*] Server:all Good
[*] Indexer:all Good
[*] Mysql:all Good
Plugin:api_log
[*] Number of connection attempts to rabbitmq:all good
Plugin bash_history didn't run:cannot parse file "/root/.bash_history": [Errno 2] No such file or directory: '/root/.bash_history'
Plugin:pkg_checksum
[*] Ossim_checks:all good
Plugin:server_log
[*] IDM Connection Recovery:all Good
[*] Remote Server Connection Recovery:all Good
Plugin:network_interface
[*] Collisions:all Good
[*] Rx/tx Errors:all Good
[*] Mtu:all Good
Plugin:default_hw
[*] Default Hardware:all Good
Plugin:schema_version
[*] Schema Version:all Good
Plugin:null_fields
[*] Event sensor Field:some Events in your database have null sensor_id fields
Word of Advice:events without an associated sensor_id are a sign of misconfigured plugins and/or sensor properties. Please check the both in your system
[*] Server DB Configuration:all Good
Plugin vm_requirements didn't run:memory requirement is not met
Next, we will use these red-highlighted hints to troubleshoot each fault in turn.
This article is from the "Lee Chenguang Original Technology blog"; please be sure to keep this source: http://chenguang.blog.51cto.com/350944/1689915
One command to diagnose the OSSIM system