ASL Troubleshooting

From Atomicorp Wiki

ASL 2.2 Troubleshooting

Check the ASL FAQ too.

Can't connect to Web GUI on port 30000

(Run all of these as root)

1) Check the service

ps auxwww | grep asl-http

If the service is running, you should see this:

root 3547 0.0 0.0 246900 720 ? Ss Aug20 0:18 /var/asl/usr/sbin/asl-httpd
tortix 8664 0.0 0.1 249804 2048 ? S Sep05 0:13 /var/asl/usr/sbin/asl-httpd
tortix 8826 0.0 0.0 249764 1700 ? S Sep05 0:13 /var/asl/usr/sbin/asl-httpd
tortix 10355 0.0 0.1 249908 2956 ? S Sep05 0:13 /var/asl/usr/sbin/asl-httpd
tortix 10513 0.0 0.1 247712 2856 ? S Sep05 0:13 /var/asl/usr/sbin/asl-httpd
tortix 10751 0.0 0.1 247712 2824 ? S Sep05 0:13 /var/asl/usr/sbin/asl-httpd

If the service is not running, you can start it with this command:

/etc/init.d/asl-httpd start

If you are missing that file, then you do not have all of ASL 2.2 installed. Please re-install ASL, as the ASL installer is the best tool for installing ASL completely.

If you get an error starting ASL, then you may not have all of ASL installed. With that said, you can also try using yum to upgrade the system. If you do not keep your system up to date, you may need to install many updates that are not related to ASL. We always recommend you keep up with your vendor's updates, as many of them fix critical security vulnerabilities. To upgrade your entire system, run this command as root:

yum upgrade

If your system is a non-standard hybrid, such as a partial FC 11/12 system or a beta release of a distribution, that configuration is not supported. We cannot test hybrids and only support standard releases, so make sure you are running on a supported distribution.


2) Make sure you don't have something else listening on port 30000:

netstat -anp | grep asl-http | grep 30000

and you should see this:

tcp 0 0 :::30000 :::* LISTEN 3547/asl-httpd


3) Next, check your firewall rules:

iptables -L -n | grep 30000


You may see this:

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:30000


Or something like this (an example of restricting access to only certain IPs):

ACCEPT tcp -- 70.184.242.83 0.0.0.0/0 state NEW tcp dpt:30000
ACCEPT tcp -- 71.166.159.247 0.0.0.0/0 state NEW tcp dpt:30000


Or you may have no firewall rules at all - if you get nothing, dump all your rules:

iptables -L -n


If you see this:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


You have no firewall rules.

If you see something like this (it will vary for your system):

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


The above example shows a system that only allows traffic in on port 22. Notice that there is no rule for port 30000. This is a problem, and you will need to add a rule for port 30000. Here's a quick way to add it:

iptables -I INPUT -s any/0 -p tcp --dport 30000 -j ACCEPT


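This rule accepts connections to port 30000 from any source (-s any/0); to limit access to certain IPs, as in the restricted example above, give the client address to -s instead. The rule is not permanent, and you will need to add it to your permanent firewall rules.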

4) Fire up a sniffer to make sure the problem is not upstream

Note: Make sure you set "eth0" below to the interface that has the IP address assigned to it that you are going to test. If you tell the sniffer to watch a different interface, you will not see the traffic.

tethereal -i eth0 port 30000


If you do not have tethereal installed, run this command: yum install tethereal

If you cannot install tethereal, see the "tcpdump" example that follows the tethereal example.

tethereal example: If you have no problems upstream, you will see something like this:


Capturing on eth0
0.000000 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=690440808 TSER=0 WS=7
0.000055 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=491123062 TSER=690440808 WS=7
0.047190 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=690440854 TSER=491123062
0.048117 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [PSH, ACK] Seq=1 Ack=1 Win=5888 Len=114 TSV=690440855 TSER=491123062
0.048149 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=1 Ack=115 Win=5888 Len=0 TSV=491123074 TSER=690440855
0.403626 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=1 Ack=115 Win=5888 Len=1448 TSV=491123163 TSER=690440855
0.403646 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [PSH, ACK] Seq=1449 Ack=115 Win=5888 Len=159 TSV=491123163 TSER=690440855
0.452383 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [ACK] Seq=115 Ack=1449 Win=8832 Len=0 TSV=690441260 TSER=491123163
0.454911 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [ACK] Seq=115 Ack=1608 Win=11648 Len=0 TSV=690441262 TSER=491123163
0.455637 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [PSH, ACK] Seq=115 Ack=1608 Win=11648 Len=198 TSV=690441263 TSER=491123163
0.455652 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=1608 Ack=313 Win=6912 Len=0 TSV=491123176 TSER=690441263
0.457887 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [PSH, ACK] Seq=1608 Ack=313 Win=6912 Len=59 TSV=491123176 TSER=690441263
0.508890 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [PSH, ACK] Seq=313 Ack=1667 Win=11648 Len=565 TSV=690441315 TSER=491123176
0.547198 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=1667 Ack=878 Win=8064 Len=0 TSV=491123199 TSER=690441315
1.895139 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=1667 Ack=878 Win=8064 Len=1448 TSV=491123535 TSER=690441315
1.895160 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [PSH, ACK] Seq=3115 Ack=878 Win=8064 Len=1042 TSV=491123535 TSER=690441315
1.947302 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [ACK] Seq=878 Ack=4157 Win=17536 Len=0 TSV=690442755 TSER=491123535
1.947693 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [PSH, ACK] Seq=878 Ack=4157 Win=17536 Len=37 TSV=690442755 TSER=491123535
1.947715 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [ACK] Seq=4157 Ack=915 Win=8064 Len=0 TSV=491123549 TSER=690442755
1.948027 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [FIN, ACK] Seq=915 Ack=4157 Win=17536 Len=0 TSV=690442755 TSER=491123535
1.949539 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [PSH, ACK] Seq=4157 Ack=916 Win=8064 Len=37 TSV=491123549 TSER=690442755
1.949610 9.8.7.6 -> 1.2.3.4 TCP 30000 > 46910 [FIN, ACK] Seq=4194 Ack=916 Win=8064 Len=0 TSV=491123549 TSER=690442755
1.997338 1.2.3.4 -> 9.8.7.6 TCP 46910 > 30000 [RST] Seq=916 Win=0 Len=0


tcpdump example: If you have no problems upstream, you will see something like this:

1.2.3.4 is your client; 9.8.7.6 is your server.

10:34:26.227472 IP 1.2.3.4.54405 > 9.8.7.6.30000: S 3615766533:3615766533(0) win 5840 <mss 1460,sackOK,timestamp 771590282 0,nop,wscale 7>
10:34:26.227514 IP 9.8.7.6.30000 > 1.2.3.4.54405: S 1843855213:1843855213(0) ack 3615766534 win 5792 <mss 1460,sackOK,timestamp 511410428 771590282,nop,wscale 7>
10:34:26.274981 IP 1.2.3.4.54405 > 9.8.7.6.30000: . ack 1 win 46 <nop,nop,timestamp 771590329 511410428>
10:34:26.275774 IP 1.2.3.4.54405 > 9.8.7.6.30000: P 1:147(146) ack 1 win 46 <nop,nop,timestamp 771590330 511410428>
10:34:26.275806 IP 9.8.7.6.30000 > 1.2.3.4.54405: . ack 147 win 54 <nop,nop,timestamp 511410440 771590330>
10:34:26.276150 IP 9.8.7.6.30000 > 1.2.3.4.54405: P 1:139(138) ack 147 win 54 <nop,nop,timestamp 511410440 771590330>
10:34:26.327459 IP 1.2.3.4.54405 > 9.8.7.6.30000: . ack 139 win 54 <nop,nop,timestamp 771590382 511410440>
10:34:26.329933 IP 1.2.3.4.54405 > 9.8.7.6.30000: P 147:723(576) ack 139 win 54 <nop,nop,timestamp 771590383 511410440>
10:34:26.369824 IP 9.8.7.6.30000 > 1.2.3.4.54405: . ack 723 win 63 <nop,nop,timestamp 511410464 771590383>
10:34:26.518491 IP 9.8.7.6.30000 > 1.2.3.4.54405: . 139:1587(1448) ack 723 win 63 <nop,nop,timestamp 511410501 771590383>
10:34:26.518514 IP 9.8.7.6.30000 > 1.2.3.4.54405: P 1587:2629(1042) ack 723 win 63 <nop,nop,timestamp 511410501 771590383>
10:34:26.518619 IP 9.8.7.6.30000 > 1.2.3.4.54405: P 2629:2666(37) ack 723 win 63 <nop,nop,timestamp 511410501 771590383>
10:34:26.518660 IP 9.8.7.6.30000 > 1.2.3.4.54405: F 2666:2666(0) ack 723 win 63 <nop,nop,timestamp 511410501 771590383>
10:34:26.570119 IP 1.2.3.4.54405 > 9.8.7.6.30000: . ack 2629 win 100 <nop,nop,timestamp 771590625 511410501>
10:34:26.570586 IP 1.2.3.4.54405 > 9.8.7.6.30000: P 723:760(37) ack 2667 win 100 <nop,nop,timestamp 771590625 511410501>
10:34:26.570654 IP 9.8.7.6.30000 > 1.2.3.4.54405: . ack 760 win 63 <nop,nop,timestamp 511410514 771590625>
10:34:26.570760 IP 1.2.3.4.54405 > 9.8.7.6.30000: R 760:760(0) ack 2667 win 100 <nop,nop,timestamp 771590625 511410501>
10:34:26.617628 IP 1.2.3.4.54406 > 9.8.7.6.30000: S 3610239263:3610239263(0) win 5840 <mss 1460,sackOK,timestamp 771590673 0,nop,wscale 7>
10:34:26.617660 IP 9.8.7.6.30000 > 1.2.3.4.54406: S 1858764235:1858764235(0) ack 3610239264 win 5792 <mss 1460,sackOK,timestamp 511410525 771590673,nop,wscale 7>
10:34:26.660089 IP 1.2.3.4.54407 > 9.8.7.6.30000: S 3617695320:3617695320(0) win 5840 <mss 1460,sackOK,timestamp 771590715 0,nop,wscale 7>
10:34:26.660111 IP 9.8.7.6.30000 > 1.2.3.4.54407: S 1850303361:1850303361(0) ack 3617695321 win 5792 <mss 1460,sackOK,timestamp 511410536 771590715,nop,wscale 7>
10:34:26.664975 IP 1.2.3.4.54406 > 9.8.7.6.30000: . ack 1 win 46 <nop,nop,timestamp 771590719 511410525>

(and a lot more)


If you don't see a packet exchange, the problem is not with your server. It's upstream at some other firewall, or even on your desktop or with your home or office firewall.

If you do see all of this and still can't connect, you ARE connecting. Check your browser to make sure it's not breaking on the connection, for example by connecting with "http" instead of "https".
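
Step 3 reads the firewall by eye from "iptables -L -n"; the added example below (not part of the original page or Atomicorp's tooling) applies the same first-match reading to "iptables -S INPUT" output, which shows the interface that "-L -n" hides. The function name port_exposure, the sample ruleset, and the assumption that the bare "ACCEPT all" line in the page's listing is the loopback rule are constructed for illustration.

```shell
# Added example, not Atomicorp code. Reads `iptables -S INPUT` output on stdin and
# reports who may open a NEW TCP connection to the port given as $1.
# Not handled: "!" negation, multiport/port ranges, jumps to user-defined chains.
port_exposure() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || stop { next }
    {
        src = proto = dport = iface = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Skip rules that cannot match a new remote connection to tcp/<port>.
        if (iface == "lo" || (proto != "" && proto != "tcp")) next
        if (dport != "" && dport != port) next
        if (state != "" && state !~ /NEW/) next
        if (target == "ACCEPT" && src == "") { verdict = "open"; stop = 1 }
        else if (target == "ACCEPT") srcs = srcs (srcs == "" ? "" : ",") src
        else if ((target == "DROP" || target == "REJECT") && src == "") {
            # First unconditional deny ends the walk (first match wins).
            verdict = (srcs == "") ? "blocked" : "restricted:" srcs; stop = 1
        }
    }
    END {
        if (verdict == "" && policy == "ACCEPT") verdict = "unfiltered"
        else if (verdict == "") verdict = (srcs == "") ? "blocked" : "restricted:" srcs
        print verdict
    }'
}

# Constructed sample: the page's "port 22 only" ruleset as `iptables -S INPUT` prints it.
# Assumption: the bare "ACCEPT all" line in the -L -n listing is the loopback rule.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_rules | port_exposure 30000
```

On a live system, run "iptables -S INPUT | port_exposure 30000" as root. A result of "unfiltered" with source-restricted ACCEPT rules present means those rules restrict nothing, because no later rule or chain policy denies everyone else.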

ASL web gui not running

1. Check to make sure it's installed

rpm -qa | grep asl-web


If you do not see that package installed your system may be missing other components of ASL as well. You should run "yum upgrade" to make sure your system is up to date.

2. Start the service

/etc/init.d/asl-httpd start


3. Follow the steps above in "Can't connect to Web GUI on port 30000" to make sure your firewall and upstream (if any) are configured properly.


OSSEC-dbd Reports: Lost connection to MySQL server during query

This indicates that the timeout parameter for MySQL is either too short, or the database server is under considerable load. To increase the timeout period:

1) Edit /etc/my.cnf

2) Add or modify the "wait_timeout" variable

[mysqld]
wait_timeout=28800
interactive_timeout = 28800

3) Restart MySQL

/etc/init.d/mysqld restart

[Errno 14] HTTP Error 401: Authorization Required

This means that either your ASL password is incorrect or your license has expired. You can change your ASL password and check your license status at this URL:

https://www.atomicorp.com/amember/member.php
