13. 03. 2020 Luca Franzoi Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring

Bug discovered on NetEye module logmanagement and SIEM

A bug has been discovered on NetEye modules logmanagement and SIEM.
If affected, rsyslog directories on system might be created with wrong permissions causing Logstash to be unable to load log lines of some hosts inside Elasticsearch. Users might also receive an error message trying to check signatures for some hosts inside Logmanager Log Check.
All NetEye systems with neteye-logmanagement or netey-siem modules installed might be affected .

To check your system run following command:

find /neteye/shared/rsyslog/data/ -not -perm 770 -type d -exec ls -lad {} \; | grep "dr-------T."

If the provided command returns some results your system is affected.
Please apply the following workaround to fix it until an official bug-fix is provided:

Run command: crontab –e
Add following line:
30 00 * * * /usr/bin/find /neteye/shared/rsyslog/data/ -not -perm 770 -a -not -perm 750 -type d -exec /usr/bin/chmod 770 {} \; > /dev/null
Save the file

Previous steps must be executed on every NetEye node.

If you need further information, or experience some problem applying the fix, feel free to contact our support team using one of the following options:

Share on LinkedIn

Tweet about this on Twitter

Share on Facebook

Email this to someone

Share on Tumblr

Luca Franzoi

Service & Support Engineer at Würth Phoenix

Author

Luca Franzoi

Latest posts by Luca Franzoi

14. 12. 2021 Bug Fixes, NetEye

NetEye 3 Logstash and Elasticsearch – Security Advisory

14. 01. 2020 NetEye, Unified Monitoring

Using Nmap as an Import Source for NetEye 4

10. 12. 2019 Downloads / Release Notes, ITOA, NetEye, Unified Monitoring

Grafana User Management Deprecation in NetEye 4.10

03. 09. 2019 Bug Fixes, NetEye

Security Fix for NetEye 3.17

27. 11. 2017 Service Management

EriZone – Security Advisory

See All

Related Content

Tags: Bug Fixes, Elastic Stack, Log Management, Log Manager, Logstash, NetEye, SIEM

13. 01. 2022 Bug Fixes, Log-SIEM, NetEye

Bugfixes for NetEye 4.21, 4.20, 4.19: Elasticsearch License Renewal

The current Elasticsearch license bundled with NetEye will expire this January 31st. To continue enjoy all the SIEM functionalities you must update to the new license. An automatic update has been released for the most recent NetEye version. Older NetEye Read More

10. 01. 2022 Bug Fixes, NetEye

Bug Fixes for NetEye 4.21

We fixed three bugs in NetEye 4.21: a bug that prevented the user to import Saved Object using Kibana GUIa bug that prevented the user to enrich the logs going through El Proxy with Elasticsearch Ingest Pipelines a bug in Read More

31. 12. 2021 Development, NetEye

Tornado Monitoring and Statistics

When I'm running a service which processes a lot of data, sooner or later I start to wonder: what is the service doing? What data is it processing? This also applies to our event processor Tornado. For the Tornado Engine, Read More

31. 12. 2021 Development, Log Management, Log-SIEM, NetEye

Real Time Log Signing on Fleet-managed Elastic Agents – A Preliminary Investigation

The R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to Read More

29. 12. 2021 ITOA, NetEye

Business Processes and Dashboards

The Business Process module is one of the most useful modules in NetEye, but it's often underestimated. A Business Process offers a way to model relations between monitored objects by NetEye (host and services), allowing you to model applications or Read More

Leave a Reply Cancel reply