If you install AlienVault SIEM v3 or v4 with the server and framework profiles on different machines, you get the following error when accessing Intelligence > Correlation Directives:
Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "/etc/ossim/server/groups.xml" in /usr/share/ossim/www/directive_editor/include/domxml-php4-to-php5.php on line 164
Error while parsing the document
The error occurs because the developer has hard-coded the path /etc/ossim/server/groups.xml. It has been accepted as a development defect, so it might take some time for it to be resolved in the next minor release.
As a temporary solution, copy the /etc/ossim/server/ directory, or all of its contents (.xml files), from the server profile machine to the same location on the framework profile machine. Directives you add from the web portal will still not work, though: you need to copy them back to the server profile, where ossim-server actually works on them. You also need to change the ownership of the server directory copied to the framework profile: chown www-data:www-data /etc/ossim/server
So on the server profile the directives are actually used for the correlation logic, whereas on the framework profile they are only for display in the web portal. Don't forget to restart the server when new directives are added.
UPDATE: This problem has been resolved with the latest update.
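To see which directive files still have to be copied back to the server profile, the two copies can be compared. This is an added example, not code from the original post or from AlienVault; the function name directive_drift is hypothetical, and it assumes the server profile's /etc/ossim/server has been copied to a directory readable on the machine where the check runs.

```shell
#!/bin/sh
# Added example: report directive .xml files that differ between a copy of
# the server profile's /etc/ossim/server and the framework profile's copy.
# Usage: directive_drift SERVER_COPY_DIR FRAMEWORK_DIR
# Prints one line per mismatch; returns 0 when in sync, 1 when drift is found.
directive_drift() {
    server_dir=$1
    framework_dir=$2
    drift=0

    # Files the web portal (framework profile) has that the server lacks or
    # holds in a different version: ossim-server is not correlating on these.
    for f in "$framework_dir"/*.xml; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f")
        if [ ! -e "$server_dir/$name" ]; then
            echo "only-on-framework $name"
            drift=1
        elif ! cmp -s "$f" "$server_dir/$name"; then
            echo "differs $name"
            drift=1
        fi
    done

    # Files the server has that the portal cannot display.
    for f in "$server_dir"/*.xml; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        if [ ! -e "$framework_dir/$name" ]; then
            echo "only-on-server $name"
            drift=1
        fi
    done

    return $drift
}
```

Any file reported as only-on-framework or differs needs copying to the server profile, followed by a server restart, before it affects correlation.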