What is the URL you are using to logon?
and then I select from Modules Open-AudIT and goes to
https://10.70.32.203/en/omk/open-audit/login?redirect_url=%2Fomk%2Fopen-audit%2F
OK, that's the Professional / Enterprise logon page.
Please attach the logs from omk/log/auth.pm and omk/log/open-audit.log
These will be in (Windows) c:\omk or (Linux) /usr/local/omk.
And also attash omk/conf/opCommon.json
I'm guessing your Apache is not accepting http requests from localhost.
From open-audit.log
[Thu Feb 4 18:39:31 2021] [error] 1272 OMK::oae->get: URL: http://127.0.0.1/open-audit/index.php/widgets [Thu Feb 4 18:50:25 2021] [error] 1274 OMK::oae->get: Nothing returned in response from OAC. Connection refused
And in auth.log
[Thu Feb 4 21:20:05 2021] [error] Connection Error: Connection refused [Thu Feb 4 21:20:05 2021] [info] INFO login request of user=admin method=openaudit failed [Thu Feb 4 21:20:05 2021] [info] 15476 Authentication failure for username=admin [Thu Feb 4 21:22:00 2021] [info] INFO login request of user=admin method=htpasswd failed [Thu Feb 4 21:22:00 2021] [error] Error, failed when sending credentials to oac. Error code ().
on httpd.conf I have:
Listen 10.70.32.203:443 <VirtualHost *:80> ServerName 10.70.32.203 ProxyRequests off RewriteEngine On RewriteCond %{HTTP_HOST} !=localhost [NC] RewriteCond %{REMOTE_ADDR} !=127.0.0.1 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </VirtualHost>
And on ssl.conf I have
<VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key ServerAdmin ept@dagintl.com ServerName 10.70.32.203 SSLProtocol -all +TLSv1.1 +TLSv1.2 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 !EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH-RSA-DES-CBC3-SHA !ECDHE-RSA-DES-CBC3-SHA !DES-CBC3-SHA !ECDHE-RSA-RC4-SHA !RC4-MD5 !RC4-SHA" TraceEnable off RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/open-audit/ RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L] DocumentRoot /var/www/html/ </VirtualHost>
Do you see anything in your apache access or error logs?
Sorry for asking this way, but I'm new configuring and managing Linux, but where should I configure/allow http from localhost? Is this on the httpd.conf or with the firewall-d service (which it's disabled)?
You need to set this in your apache conf (/etc/httpd). I'd suggest reading up on it.
<VirtualHost *:80> ServerName your.server.name ServerAlias your.server.name ProxyRequests off RewriteEngine On RewriteCond %{HTTP_HOST} !=localhost [NC] RewriteCond %{REMOTE_ADDR} !=127.0.0.1 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </VirtualHost>
I tried this, restarted the httpd service and I'm still receiving "There was an error authenticating, please try again"
Try running this to set the log level from the command line.
mysql -u openaudit -popenauditpassword openaudit -e "UPDATE configuration SET value = 7 WHERE name = 'log_level';"
Then try and log on. Assuming it fails, run the below to get all logs.
mysql -u openaudit -popenauditpassword openaudit -e "SELECT * FROM logs;" > logs.txt
Then look through logs.txt using less (or tail) for the reason.
less logs.txt
tail -n 100 logs.txt
This is the result I get, sorry for the late response
id timestamp request_microtime type severity severity_text pid user server ip collection action function status summary detail
1 2021-01-19 06:46:40 1611038800.9293 system 5 notice 28738 tform301 172.20.1.6 logon m_logon::logon success User logged on Existing user admin logged on (local account).
2 2021-01-19 14:16:50 1611065810.2079 system 5 notice 5264 tform301 172.20.1.6 logon m_logon::logon success User logged on Existing user admin logged on (local account).
3 2021-01-20 05:15:49 1611119749.5605 system 5 notice 13315 tform301 172.20.1.6 logon m_logon::logon success User logged on Existing user admin logged on (local account).
4 2021-02-04 21:20:05 1612473605.8379 system 5 notice 15482 tform301 10.70.32.201 logon m_logon::logon success User logged on Existing user admin logged on (local account).
5 2021-02-04 21:22:00 1612473720.0788 system 7 debug 15379 tform301 10.70.32.201 m_configuration::load success running sql (0.00013208389282227) /* m_configuration::load */ SELECT NOW() as `timestamp`
6 2021-02-04 21:22:00 1612473720.0788 system 7 debug 15379 tform301 10.70.32.201 m_configuration::load success running sql (0.00013995170593262) /* m_configuration::load */ SELECT TIME_FORMAT(TIMEDIFF(NOW(),CONVERT_TZ(NOW(),@@session.time_zone,'+00:00')),'%H%i') AS `tz`
7 2021-02-04 21:22:00 1612473720.0788 system 7 debug 15379 tform301 10.70.32.201 m_configuration::load success running sql (0.00014710426330566) /* m_configuration::load */ SELECT count(*) as device_count FROM `system`
8 2021-02-04 21:22:00 1612473720.0788 system 7 debug 15379 tform301 10.70.32.201 logon success set format Set format to json, because default.
9 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 m_configuration::load success running sql (0.00011610984802246) /* m_configuration::load */ SELECT NOW() as `timestamp`
10 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 m_configuration::load success running sql (0.00013995170593262) /* m_configuration::load */ SELECT TIME_FORMAT(TIMEDIFF(NOW(),CONVERT_TZ(NOW(),@@session.time_zone,'+00:00')),'%H%i') AS `tz`
11 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 m_configuration::load success running sql (0.00015616416931152) /* m_configuration::load */ SELECT count(*) as device_count FROM `system`
12 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon success set format Set format to json, because default.
13 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.00048398971557617) /* m_configuration::update */ SELECT * FROM `configuration` WHERE `name` = 'oae_license'
14 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.0013258457183838) /* m_configuration::update */ UPDATE configuration SET value = 'none', edited_by = 'system', edited_date = NOW() WHERE id = 141
15 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.00029587745666504) /* m_configuration::update */ SELECT * FROM `configuration` WHERE `name` = 'oae_product'
16 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.0012471675872803) /* m_configuration::update */ UPDATE configuration SET value = 'Open-AudIT Community', edited_by = 'system', edited_date = NOW() WHERE id = 143
17 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.00034093856811523) /* m_configuration::update */ SELECT * FROM `configuration` WHERE `name` = 'server_ip'
18 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.0013539791107178) /* m_configuration::update */ UPDATE configuration SET value = '10.70.32.203', edited_by = 'system', edited_date = NOW() WHERE id = 153
19 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.00052094459533691) /* m_configuration::update */ SELECT * FROM `configuration` WHERE `name` = 'modules'
20 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_configuration::update success running sql (0.0013689994812012) /* m_configuration::update */ UPDATE configuration SET value = '{\\"NMIS8\\":{\\"name\\":\\"NMIS8\\",\\"file\\":\\"\\\\/cgi-bin\\\\/nmiscgi.pl\\",\\"link\\":\\"\\\\/cgi-nmis8\\\\/nmiscgi.pl\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-management-system-nmis\\\\/\\"},\\"opAddress\\":{\\"name\\":\\"opAddress\\",\\"file\\":\\"\\\\/bin\\\\/opaddress-cli.pl\\",\\"link\\":\\"\\\\/omk\\\\/opAddress\\\\/\\",\\"url\\":\\"https:\\\\/\\\\/community.opmantek.com\\\\/display\\\\/opAddress\\\\/Home\\"},\\"opCharts\\":{\\"name\\":\\"opCharts\\",\\"file\\":\\"\\\\/public\\\\/omk\\\\/js\\\\/opCharts_a_external_packed.js\\",\\"link\\":\\"\\\\/omk\\\\/opCharts\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/opcharts-dashboards-charts-management\\\\/\\",\\"installed\\":true,\\"version\\":\\"3.5.0\\"},\\"opConfig\\":{\\"name\\":\\"opConfig\\",\\"file\\":\\"\\\\/install\\\\/opconfigd.init.d\\",\\"link\\":\\"\\\\/omk\\\\/opConfig\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-configuration-management-opconfig\\\\/\\",\\"installed\\":true,\\"version\\":\\"3.5.0\\"},\\"Open-AudIT\\":{\\"name\\":\\"Open-AudIT\\",\\"file\\":\\"\\\\/bin\\\\/oae-tasks.sh\\",\\"link\\":\\"\\\\/omk\\\\/open-audit\\\\/\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-audit-software\\\\/\\"},\\"opEvents\\":{\\"name\\":\\"opEvents\\",\\"file\\":\\"\\\\/install\\\\/opeventsd.init.d\\",\\"link\\":\\"\\\\/omk\\\\/opEvents\\\\/\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/opevents-traps-network-event-management\\\\/\\",\\"installed\\":true,\\"version\\":\\"2.6.0\\"},\\"opFlow\\":{\\"name\\":\\"opFlow\\",\\"file\\":\\"\\\\/bin\\\\/opflow-cli.pl\\",\\"link\\":\\"\\\\/omk\\\\/opFlow\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/netflow-analyzer-collector-opflow\\\\/\\",\\"installed\\":true,\\"version\\":\\"3.1.0\\"},\\"opHA\\":{\\"name\\":\\"opHA\\",\\"file\\":\\"\\",\\"link\\":\\"\\\\/omk\\\\/opHA\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/distributed-network-management-system\\\\/\\"},\\"opLicensing\\":{\\"name\\":\\"opLicensing\\",\\"file\\":\\"\\\\/lib\\\\/opLicense.pm.exe\\",\\"link\\":\\"\\\\/omk\\\\/opLicense\\",\\"url\\":\\"#\\"},\\"opReports\\":{\\"name\\":\\"opReports\\",\\"file\\":\\"\\\\/bin\\\\/opreports-cli.pl\\",\\"link\\":\\"\\\\/omk\\\\/opReports\\\\/\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-configuration-management-opconfig\\\\/\\",\\"installed\\":true,\\"version\\":\\"3.4.0\\"},\\"opSLA\\":{\\"name\\":\\"opSLA\\",\\"file\\":\\"\\",\\"link\\":\\"\\\\/omk\\\\/opSLA\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/ip-sla-monitor-cisco-ipsla\\\\/\\"},\\"Other Modules\\":{\\"name\\":\\"Other Modules\\",\\"link\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-management-system-tools\\\\/\\",\\"url\\":\\"https:\\\\/\\\\/opmantek.com\\\\/network-management-system-tools\\\\/\\"}}', edited_by = 'system', edited_date = NOW() WHERE id = 138
21 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_networks::upsert success running sql (0.0002601146697998) /* m_networks::upsert */ SELECT * FROM networks WHERE networks.org_id = 1 AND networks.network = '127.0.0.0/8'
22 2021-02-04 21:22:00 1612473720.196 system 7 debug 15378 tform301 10.70.32.201 logon m_networks::upsert success running sql (0.00020098686218262) /* m_networks::upsert */ SELECT * FROM networks WHERE networks.org_id = 1 AND networks.network = '10.70.32.0/22'
Your attached "error_log" is actually the access log.
These are the files I have:
-rw-r--r--. 1 root root 38714 Feb 4 22:43 access_log
-rw-r--r--. 1 root root 9342 Feb 4 22:00 error_log
I have setup Open-AudIT to use HTTPS, and I have re-configured with all required steps for SSL.conf and the redirect options required. When I try to access the Open-Audit community edition I'm not able to login to it using the default user name (admin) and password. I'm getting "There was an error authenticating, please try again".
I have tried default user name and password using https with nmis and it worked fine, but not with Open-AudIT community, also I have restored the database and I'm still having the same issue, any ideas why this is happening?
Any help would be greatly appreciated.
Thank you!