Project

General

Profile

Bug #12

Errors from Event Log Hooks After Upgrading

Added by Luke Murphey over 14 years ago. Updated over 10 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Log Management
Target version:
-
Start date:
04/08/2010
Due date:
% Done:

0%


Description

Event log hooks cannot survive an upgrade to a new version of NSIA because they are serialized and native Java serialization fails with newer versions of the classes.


Related issues

Related to ThreatFactor NSIA - Feature #17: Email Action Improvements New

History

#1 Updated by Luke Murphey over 14 years ago

Event log hooks should probably be replaced with a system that acts on scan results directly as opposed to older method of hooking into the event log events. A system that acts on scan results would have the following benefits:

  • Could aggregate on repeated failures (only report once per day, hour, etc)
  • Have site-group, rule and global scopes
  • Include more information about the detection in the escalation

#2 Updated by Luke Murphey over 14 years ago

Note, there is no built-in way to delete hooks that can no longer be loaded. You have to delete them from the database directly.

This isn't necessary though since the old hooks don't prevent the application from running correctly (just generate log messages indicating that they could not be loaded).

#3 Updated by Luke Murphey about 14 years ago

  • Category set to Core Application

#4 Updated by Luke Murphey about 14 years ago

  • Category changed from Core Application to Log Management

#5 Updated by Luke Murphey almost 14 years ago

A couple of options for handling this:

  1. Purge event log hooks that will not load during upgrade operations
  2. Give users an option to purge event log hooks that fail to load (like a debug console or command-line option)

#6 Updated by Luke Murphey over 10 years ago

  • Assignee deleted (Luke Murphey)

Also available in: Atom PDF