<p>UNITY 360, http://www.prelude-siem.org/</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4419<br />2018-03-09T17:05:29Z, Antoine LUONG, antoine.luong@csnovidys.com</p>
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>Antoine LUONG</i></li></ul><p>Hello,</p>
<p>It is normal that the init file is not present if you installed prelude-lml from the sources (we put it in the packaging, not the repository). The same goes with the rules, which have their own repository.</p>
<p>Can you try launching the "prelude-lml" command directly (without the service) and see if it works correctly?</p>
<p>Regards</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4420<br />2018-03-12T10:02:35Z, Sebastian K</p>
<p>Hello,</p>
<p>thank you for the fast reply. I guess I installed it from sources with buildroot, as I specified the path to the github repository in my make-files. That's a relief as it has nothing to do with the buildroot make process.</p>
<p>Concerning the prelude-lml issue: after registering the sensor on Machine B (address 192.168.0.1) to my server machine A (address 192.168.0.10) via the command <code>prelude-admin register "prelude-lml" "idmef:w" 192.168.0.10 --gid 0 --uid 0</code> and running the registration-server on A, I tried to run <code>prelude-lml</code> on B. The output says<br /><pre><code class="text syntaxhl"><span class="CodeRay"># prelude-lml
31 Dec 21:19:01 (process:710) INFO: PCRE plugin loaded 460 rules.
31 Dec 21:19:02 (process:710) INFO: Connecting to 192.168.0.10:4690 prelude Manager server.
31 Dec 21:19:02 (process:710) WARNING: prelude-client: error starting prelude-client: TLS server certificate not yet activated.
In order to register this sensor, please run:
prelude-admin register prelude-lml "idmef:w" 192.168.0.10 --uid 0 --gid 0
Profile 'prelude-lml' does not exist. In order to create it, please run:
prelude-admin register "prelude-lml" "idmef:w" &lt;manager address&gt; --uid 0 --gid 0.
</span></code></pre><br />I don't really know what to do with these messages. It says it can connect to the server but when I check for the prelude-lml process I can't find one. So I guess it has something to do with the warning?</p>
<p>Best regards</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4421<br />2018-03-14T14:09:06Z, Antoine LUONG, antoine.luong@csnovidys.com</p>
<p>It may be a misconfiguration issue when registering prelude-lml. Please post the output of the "prelude-admin list -l" command on both hosts.</p>
<p>Regards</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4422<br />2018-03-14T14:42:54Z, Sebastian K</p>
<p>Here is the output of machine A (server):<br /><pre><code class="text syntaxhl"><span class="CodeRay">root@cba-VirtualBox:/home/cba# prelude-admin list -l
Profile          UID      GID      AnalyzerID        Permission       Issuer AnalyzerID
----------------------------------------------------------------------------------
prelude-lml      root     root     3520212549068940  idmef:w admin:r  3947566089915782
prelude-manager  prelude  prelude  3947566089915782  n/a              n/a
</span></code></pre></p>
<p>and of machine B (client):<br /><pre><code class="text syntaxhl"><span class="CodeRay"># prelude-admin list -l
Profile      UID   GID   AnalyzerID        Permission  Issuer AnalyzerID
----------------------------------------------------------------
prelude-lml  root  root  3155595597106119  idmef:w     3947566089915782
</span></code></pre></p>
<p>Regards,</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4423<br />2018-03-14T14:52:21Z, Antoine LUONG, antoine.luong@csnovidys.com</p>
<p>The configuration is OK, but it seems your machine B has an incorrect date defined:</p>
<pre>31 Dec 21:19:01 (process:710) INFO: PCRE plugin loaded 460 rules.</pre>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4425<br />2018-03-15T10:03:25Z, Sebastian K</p>
<p>Hello,</p>
<p>setting the date via <code>date -s</code> on the client resolved the issue. That's the last thing I would have suspected, but it makes sense somehow.</p>
<p>Thanks for the great support!</p>
<p>Regards,</p>
<p><strong>Prelude-LML - Bug #940: Missing prelude-lml services on cross-compiled device</strong><br />http://www.prelude-siem.org/issues/940?journal_id=4426<br />2018-03-15T10:11:36Z, Antoine LUONG, antoine.luong@csnovidys.com</p>
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Resolved</i></li></ul>
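<p>The thread was resolved by correcting the clock on the sensor. As an added example (not part of the original thread and not Prelude's own code), the POSIX shell check below compares a clock value against the notBefore/notAfter lines that <code>openssl x509 -noout -dates</code> prints; the function names and the sample dates are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: is a clock value inside a certificate's validity window?
# Input format is what `openssl x509 -noout -dates` prints. The dates in
# SAMPLE_DATES are constructed, not taken from the thread's certificates.

# Convert "Mon DD HH:MM:SS YYYY GMT" to epoch seconds in awk, so it also
# works where date(1) lacks GNU's -d parsing.
cert_time_to_epoch() {
    echo "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        d = $2; y = $4; split($3, t, ":")
        if (m <= 2) { y--; m += 12 }      # count Jan/Feb as months 13/14
        days = 365*y + int(y/4) - int(y/100) + int(y/400) - 719468
        days += int((153*(m-3) + 2) / 5) + d - 1
        printf "%.0f\n", days*86400 + t[1]*3600 + t[2]*60 + t[3]
    }'
}

# clock_vs_cert NOW_EPOCH   (reads notBefore=/notAfter= lines on stdin)
# Prints one of: ok | not-yet-valid | expired | unparsable
clock_vs_cert() {
    now=$1 nb= na=
    while IFS= read -r line; do
        case $line in
            notBefore=*) nb=$(cert_time_to_epoch "${line#notBefore=}") ;;
            notAfter=*)  na=$(cert_time_to_epoch "${line#notAfter=}") ;;
        esac
    done
    if [ -z "$nb" ] || [ -z "$na" ]; then echo unparsable
    elif [ "$now" -lt "$nb" ]; then echo not-yet-valid
    elif [ "$now" -gt "$na" ]; then echo expired
    else echo ok
    fi
}

SAMPLE_DATES='notBefore=Mar  9 17:05:29 2018 GMT
notAfter=Mar  9 17:05:29 2019 GMT'

# Constructed case: a clock that was never set and sits near epoch 0.
printf '%s\n' "$SAMPLE_DATES" | clock_vs_cert 1200         # not-yet-valid
# Constructed case: a clock inside the validity window.
printf '%s\n' "$SAMPLE_DATES" | clock_vs_cert 1530000000   # ok
```

<p>On a device, pipe the real certificate's dates in and pass <code>$(date +%s)</code> as the clock value before starting the sensor.</p>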