[prev in list] [next in list] [prev in thread] [next in thread]
List: dragonidsuser
Subject: Re: [Dragonidsuser] Signature descriptions on the Realtime
From: "Gomez, Julian Jose (TSDO Solution Services)" <julian-jose.gomez () hp ! com>
Date: 2008-07-15 6:30:29
Message-ID: 390F66D50063C44E97F7F1473F95ED2D2BC663B15B () GVW1113EXC ! americas ! hpqcorp ! net
[Download RAW message or body]
Hi All,
In case it helps someone else down the line, problem turned out to be permissions on \
the perl-DBD-MySQL module. Went around doing chmod go+rw under a few /usr/lib/perl5/ \
sub-directories.
Best regards, Julian.
-----Original Message-----
From: Gomez, Julian Jose (TSDO Solution Services)
Sent: Tuesday, 8 July 2008 7:33 PM
To: 'Dragon IDS User List'
Subject: Signature descriptions on the Realtime Console are coming up blank
Hello All,
When I access the Realtime Console and drill down to a signature, clicking the \
hyperlink brings up a mini popup window with the signature name but missing the \
description. I've reviewed the FAQs and this problem is referenced at two places:
(a) To synchronize the database using the 'Reporting' option. I've done this and it \
completed successfully. (b) To install the Msql-MySQL package. I've done this and it \
completed successfully.
If I execute "sigdesc.pl", it seems to return successfully, mirroring the results \
from a different DEM. My MySQL instance resides on a different host, so I changed the \
port number inside the Perl script from 9117 to 3306.
[root@ckpgt-ipm1 dfire]# ./sigdesc.pl
Expires: Mon, 07 Jul 2008 11:23:27 GMT
Date: Tue, 08 Jul 2008 11:23:27 GMT
Content-Type: text/html; charset=ISO-8859-1
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" \
xml:lang="en-US"><head><title>Trending: Signature List</title> </head><body \
leftmargin="0" bgcolor="#ffffff" topmargin="0"><form method="post" \
action="/./sigdesc.pl" enctype="application/x-www-form-urlencoded"> <!-- SIGNATURE = \
-->
<table cellpadding=4 cellspacing=0 border=0 width=100%>
<tr bgcolor=#99cdff><td><B><FONT COLOR=#000000>Detail of </B>
</td></tr></table><BR>
Can't locate object method "connect" via package "dbi" at ./sigdesc.pl line 222.
The prerequisite pkgs have been installed:
[root@ckpgt-ipm1 logs]# rpm -qa | grep -i dbd
perl-DBD-MySQL-2.9004-3.1
[root@ckpgt-ipm1 logs]# rpm -ql perl-DBD-MySQL
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Bundle/DBD/mysql.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/mysql.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/mysql/GetInfo.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/mysql/INSTALL.pod
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Mysql.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Mysql/Statement.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBD/mysql/mysql.bs
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBD/mysql/mysql.so
/usr/share/man/man3/Bundle::DBD::mysql.3pm.gz
/usr/share/man/man3/DBD::mysql.3pm.gz
/usr/share/man/man3/DBD::mysql::INSTALL.3pm.gz
/usr/share/man/man3/Mysql.3pm.gz
[root@ckpgt-ipm1 dfire]# rpm -qa | grep -i dbi
perl-DBI-1.40-8
[root@ckpgt-ipm1 dfire]# rpm -ql perl-DBI
/usr/bin/dbiprof
/usr/bin/dbiproxy
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Bundle/DBI.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/ExampleP.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/NullP.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/Proxy.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBD/Sponge.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Changes.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Const/GetInfo/ANSI.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Const/GetInfo/ODBC.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Const/GetInfoReturn.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Const/GetInfoType.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/DBD.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/DBD/Metadata.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/FAQ.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/Profile.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/ProfileData.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/ProfileDumper.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/ProfileDumper/Apache.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/ProxyServer.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/PurePerl.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/DBI/W32ODBC.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Win32/DBIODBC.pm
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DBI.bs
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DBI.so
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DBIXS.h
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/Driver.xst
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/Driver_xst.h
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/dbd_xsh.h
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/dbi_sql.h
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/dbipport.h
/usr/share/man/man1/dbiprof.1.gz
/usr/share/man/man1/dbiproxy.1.gz
/usr/share/man/man3/Bundle::DBI.3pm.gz
/usr/share/man/man3/DBD::Proxy.3pm.gz
/usr/share/man/man3/DBD::Sponge.3pm.gz
/usr/share/man/man3/DBI.3pm.gz
/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz
/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz
/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz
/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz
/usr/share/man/man3/DBI::DBD.3pm.gz
/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz
/usr/share/man/man3/DBI::FAQ.3pm.gz
/usr/share/man/man3/DBI::Profile.3pm.gz
/usr/share/man/man3/DBI::ProfileData.3pm.gz
/usr/share/man/man3/DBI::ProfileDumper.3pm.gz
/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz
/usr/share/man/man3/DBI::ProxyServer.3pm.gz
/usr/share/man/man3/DBI::PurePerl.3pm.gz
/usr/share/man/man3/DBI::W32ODBC.3pm.gz
/usr/share/man/man3/Win32::DBIODBC.3pm.gz
The specific error when clicking the signature name URL, as returned from Jboss logs \
are:
2008-07-08 18:42:57,466 INFO [org.jboss.web.localhost.Engine] \
SingleSignOn[localhost]: Process request for '/cgi-bin/dfire/sigdesc.pl' 2008-07-08 \
18:42:57,466 INFO [org.jboss.web.localhost.Engine] SingleSignOn[localhost]: \
Checking for SSO cookie 2008-07-08 18:42:57,466 INFO \
[org.jboss.web.localhost.Engine] SingleSignOn[localhost]: Checking for cached \
principal for CC3057057152EC401B1EFA643A2D708A 2008-07-08 18:42:57,466 INFO \
[org.jboss.web.localhost.Engine] SingleSignOn[localhost]: Found cached principal \
'dragon' with auth type 'FORM' 2008-07-08 18:42:57,467 INFO \
[org.jboss.web.localhost.Engine] SingleSignOn[localhost]: Associate sso id \
CC3057057152EC401B1EFA643A2D708A with session \
StandardSession[626F9014451620E18120CCCC46D085F0] 2008-07-08 18:42:57,469 INFO \
[org.jboss.web.localhost.Engine] cgi: findCGI: path=/dfire/sigdesc.pl, \
/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin \
2008-07-08 18:42:57,469 INFO [org.jboss.web.localhost.Engine] cgi: findCGI: \
currentLoc=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin
2008-07-08 18:42:57,469 INFO [org.jboss.web.localhost.Engine] cgi: findCGI: \
currentLoc=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin
2008-07-08 18:42:57,469 INFO [org.jboss.web.localhost.Engine] cgi: findCGI: \
currentLoc=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire
2008-07-08 18:42:57,470 INFO [org.jboss.web.localhost.Engine] cgi: findCGI: FOUND \
cgi at /software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire/sigdesc.pl
2008-07-08 18:42:57,470 INFO [org.jboss.web.localhost.Engine] cgi: findCGI calc: \
name=sigdesc.pl, path=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire/sigdesc.pl, \
scriptname=/cgi-bin/dfire/sigdesc.pl, cginame=/dfire/sigdesc.pl 2008-07-08 \
18:42:57,470 INFO [org.jboss.web.localhost.Engine] cgi: \
runCGI(envp=[{HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) \
Gecko/2008052906 Firefox/3.0, HTTP_ACCEPT_ENCODING=gzip,deflate, REQUEST_METHOD=GET, \
AUTH_TYPE=FORM, HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5, SERVER_NAME=172.19.129.34, \
SERVER_SOFTWARE=TOMCAT, \
HTTP_REFERER=https://172.19.129.34:9443/cgi-bin/realtime/realtime.cgi?sourceport=&dest \
port=&tfilter=48hrs&dir=nil&proto=&sensor=&group=&numlines=300&cidr=16&ipm=&srcipm=&ds \
tipm=&ipf=&srcipf=&dstipf=&refer=0&program=EventDetail&starttime=&stoptime=&event=DOS:DDNSF&odd=, \
HTTP_KEEP_ALIVE=300, HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7, \
HTTP_HOST=172.19.129.34:9443, GATEWAY_INTERFACE=CGI/1.1, \
X_TOMCAT_SCRIPT_PATH=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire/sigdesc.pl, \
REMOTE_ADDR=10.237.18.112, SERVER_PROTOCOL=HTTP/1.1, PATH_INFO=, \
REMOTE_HOST=10.237.18.112, QUERY_STRING=Signature=DOS:DDNSF, \
HTTP_CONNECTION=keep-alive, SERVER_PORT=9443, \
HTTP_COOKIE=JSESSIONID=626F9014451620E18120CCCC46D085F0; \
JSESSIONIDSSO=CC3057057152EC401B1EFA643A2D708A, CONTENT_TYPE=, CONTENT_LENGTH=, \
HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, \
SCRIPT_NAME=/cgi-bin/dfire/sigdesc.pl, REMOTE_USER=dragon, REMOTE_IDENT=}], \
command=/software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire/sigdesc.pl)
2008-07-08 18:42:57,610 INFO [org.jboss.web.localhost.Engine] cgi: runCGI: \
addHeader("Expires: Mon, 07 Jul 2008 10:42:57 GMT")
2008-07-08 18:42:57,610 INFO [org.jboss.web.localhost.Engine] cgi: runCGI \
(stderr):install_driver(mysql) failed: Can't locate loadable object for module \
DBD::mysql in @INC (@INC contains: . /usr/lib/perl5/5.8.5/i386-linux-thread-multi \
/usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi \
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi \
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi \
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi \
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi \
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 \
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 \
/usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 \
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl \
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi \
/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 \
/usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 \
/usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 \
/usr/lib/perl5/vendor_perl) at (eval 13) line 3
2008-07-08 18:42:57,611 INFO [org.jboss.web.localhost.Engine] cgi: runCGI: \
addHeader("Date: Tue, 08 Jul 2008 10:42:57 GMT") 2008-07-08 18:42:57,611 INFO \
[org.jboss.web.localhost.Engine] cgi: runCGI (stderr):Compilation failed in require \
at (eval 13) line 3. 2008-07-08 18:42:57,611 INFO [org.jboss.web.localhost.Engine] \
cgi: runCGI: addHeader("Content-Type: text/html; charset=ISO-8859-1") 2008-07-08 \
18:42:57,611 INFO [org.jboss.web.localhost.Engine] cgi: runCGI (stderr):Perhaps a \
module that DBD::mysql requires hasn't been fully installed 2008-07-08 18:42:57,611 \
INFO [org.jboss.web.localhost.Engine] cgi: runCGI: write("<?xml version="1.0" \
encoding="iso-8859-1"?> <!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" \
xml:lang="en-US"><head><title>Trending: Signature List</title> </head><body \
leftmargin="0" bgcolor="#ffffff" topmargin="0"><form method="post" \
action="/cgi-bin/dfire/sigdesc.pl?Signature=DOS:DDNSF" \
enctype="application/x-www-form-urlencoded"> <!-- SIGNATURE = DOS:DDNSF -->
<table cellpadding=4 cellspacing=0 border=0 width=100%>
<tr bgcolor=#99cdff><td><B><FONT COLOR=#000000>Detail of DOS:DDNSF</B>
</td></tr></table><BR>
")
2008-07-08 18:42:57,611 INFO [org.jboss.web.localhost.Engine] cgi: runCGI (stderr): \
at /software/dragon/enterprise-manager/server/default/deploy/ROOT.war/WEB-INF/cgi-bin/dfire/sigdesc.pl \
line 107 2008-07-08 18:42:57,612 INFO [org.jboss.web.localhost.Engine] cgi: runCGI: \
1 lines received on stderr
It doesn't state which loadable module is missing and I'm a bit perplexed. Am I \
missing something obvious? Thanks!
Best regards, Julian.
_______________________________________________
Dragonidsuser mailing list
Dragonidsuser@enterasys.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic