I upgaraded the firewall and web gui stop working properly here the log:
Nov 4 20:07:23 emi[10066]: Failed calling status display 'status.notifications.services'.
Nov 4 20:07:25 emi[10066]: Failed calling status display 'status.notifications.services'.
Nov 4 20:07:27 emi[10066]: Failed calling status display 'status.notifications.services'
Imposible to restart services as Snort.. no rule updates.
HTTP Proxy the same story imposible to restart service from web gui.
Proxy Graphs no upadates too.
When doing restart or update of rules snort as example from web gui
get error
Nov 4 20:11:07 snort[10816]: Initializing rule chains...
Nov 4 20:11:07snort[10816]: FATAL ERROR: /etc/snort/processed.rules(17) Invalid tag arguments: session
here output of monitor.log
[Thu Nov 4 19:53:15 EDT 2010] Stopped monitoring of: ntpd
[Thu Nov 4 19:53:15 EDT 2010] Started monitoring of: ntpd
[Thu Nov 4 19:53:16 EDT 2010] Stopped monitoring of: pyzord
[Thu Nov 4 19:53:16 EDT 2010] Started monitoring of: pyzord
[Thu Nov 4 19:53:16 EDT 2010] Stopped monitoring of: pyzord
[Thu Nov 4 19:53:16 EDT 2010] Started monitoring of: pyzord
[Thu Nov 4 19:53:21 EDT 2010] Started monitoring of: spamassassin
[Thu Nov 4 19:53:21 EDT 2010] Started monitoring of: p3scan
[Thu Nov 4 19:53:22 EDT 2010] Started monitoring of: amavisd
[Thu Nov 4 19:53:23 EDT 2010] Started monitoring of: postfix
[Thu Nov 4 19:53:24 EDT 2010] Started monitoring of: mailgraph
[Thu Nov 4 19:53:28 EDT 2010] Started monitoring of: squid
[Thu Nov 4 19:53:35 EDT 2010] Started monitoring of: havp
[Thu Nov 4 19:53:36 EDT 2010] Started monitoring of: dansguardian
[Thu Nov 4 19:53:38 EDT 2010] Started monitoring of: fcron
[Thu Nov 4 20:01:22 EDT 2010] Stopped monitoring of: emi
[Thu Nov 4 20:01:25 EDT 2010] Started monitoring of: emi
[Thu Nov 4 20:06:57 EDT 2010] Stopped monitoring of: snort
[Thu Nov 4 20:06:57 EDT 2010] Stopped monitoring of: snort
[Thu Nov 4 20:06:58 EDT 2010] Started monitoring of: snort
[Thu Nov 4 20:07:19 EDT 2010] Stopped monitoring of: emi
[Thu Nov 4 20:07:22 EDT 2010] Started monitoring of: emi
here output monit.log
Nov 4 20:01:25 wall monit[4227]: monitor service 'emi' on user request
Nov 4 20:01:25 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:01:25 wall monit[4227]: Awakened by User defined signal 1
Nov 4 20:06:57 wall monit[4227]: unmonitor service 'snort' on user request
Nov 4 20:06:57 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:06:57 wall monit[4227]: Awakened by User defined signal 1
Nov 4 20:06:58 wall monit[4227]: unmonitor service 'snort' on user request
Nov 4 20:06:58 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:06:58 wall monit[4227]: monitor service 'snort' on user request
Nov 4 20:06:58 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:06:59 wall monit[4227]: Awakened by User defined signal 1
Nov 4 20:07:19 wall monit[4227]: unmonitor service 'emi' on user request
Nov 4 20:07:19 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:07:19 wall monit[4227]: Awakened by User defined signal 1
Nov 4 20:07:19 wall monit[4227]: 'snort' process is not running
Nov 4 20:07:19 wall monit[4227]: 'snort' trying to restart
Nov 4 20:07:19 wall monit[4227]: 'snort' start: /etc/init.d/snort
Nov 4 20:07:22 wall monit[4227]: monitor service 'emi' on user request
Nov 4 20:07:22 wall monit[4227]: monit daemon at 4227 awakened
Nov 4 20:07:22 wall monit[4227]: Awakened by User defined signal 1
Nov 4 20:07:49 wall monit[4227]: 'snort' failed to start
Nov 4 20:07:54 wall monit[4227]: 'snort' process is not running
Nov 4 20:07:54 wall monit[4227]: 'snort' trying to restart
Nov 4 20:07:54 wall monit[4227]: 'snort' start: /etc/init.d/snort
Nov 4 20:08:24 wall monit[4227]: 'snort' failed to start
Nov 4 20:08:58 wall monit[4227]: 'snort' process is not running
Nov 4 20:08:58 wall monit[4227]: 'snort' trying to restart
Nov 4 20:08:58 wall monit[4227]: 'snort' start: /etc/init.d/snort
Nov 4 20:09:28 wall monit[4227]: 'snort' failed to start
Nov 4 20:10:03 wall monit[4227]: 'snort' process is not running
Nov 4 20:10:03 wall monit[4227]: 'snort' trying to restart
Nov 4 20:10:03 wall monit[4227]: 'snort' start: /etc/init.d/snort
Nov 4 20:10:33 wall monit[4227]: 'snort' failed to start
Nov 4 20:11:07 wall monit[4227]: 'snort' process is not running
Nov 4 20:11:07 wall monit[4227]: 'snort' trying to restart
Nov 4 20:11:07 wall monit[4227]: 'snort' start: /etc/init.d/snort
Nov 4 20:11:37 wall monit[4227]: 'snort' failed to start
Nov 4 20:12:11 wall monit[4227]: 'snort' service timed out and will not be checked anymore
But from shell command line I can restore services up and running.
Any help welcome.
Thank you in advance,
Slava.
Yes I check right now only HTTP Proxy working and SMTP proxy.
Snort only trought ssh can be start, but only in IDS mode not inline or IPS.
The same thing happen to me.
Better make report to bugs . endian.com site.
I opened tickets for this issue: 0003262: After upgrade from 2.4 to 2.4.1 have emi panic.
I came to conclusion the cause of this problems in EMI service. This service is not updating properly.
WTF. Same issue as well.
Hopefully there is a fix soon?
Also, is there a way to update the blacklists automatically?