WA-FAQ
Does Leap Year affects WebALARM operations?
Question: Does Leap Year affects WebALARM operations? Answer: WebALARM will not be affected by the Leap Year. For example 29 Feb, 2016 More information: N/A
How to stop WAA Real-time Monitoring?
Question: How to stop WAA Real-time Monitoring? Customer Environment: 1) OS for WebALARM Agent (WAA): Linux 2) WebALARM (WA) version: v4.3.X Answer: Refer to the manual workaround below: Boot options to set the /usr/local/wa4/wa --port=8079 ...
How to re-create (restore) WA's /wa.bak in case of directory being deleted?
Question: How to re-create (restore) WA's /wa.bak in case of directory being deleted? Customer Environment: 1) OS for WebALARM Agent (WAA): Linux 2) WebALARM (WA) version: v4.3.X Answer: Refer to manual workaround below: 1. Access the affected ...
How to install WebALARM agent on 64bit Linux operating system?
Question: How to install WebALARM agent on 64bit Linux operating system? Answer: WebALARM agent requires 32-bit libraries to work on 64-bit Linux platforms. Please ensure the following libraries are installed before installing WebALARM agent: ...
WebALARM compatibility with antivirus software that installed in the same machine - related FAQ
Question(s) and Answer(s): Q1: Will there be a problem installing WebALARM (Linux version) to monitor files changes on a server that already have virus scanner software running? (Especially in regards of files being deleted and quarantined by the ...
What is the minimum kernel version requirement for WebALARM Linux real-time monitoring?
Question: What is the minimum kernel version requirement for WebALARM Linux real-time monitoring? Answer: For real-time monitoring in Linux, the minimum supported kernel version is 2.6.15. Any CentOS/RHEL version 5 or above would meet the ...
If WebALARM Console is closed forcefully, is there any impact to WAA & UMA?
Question: If WebALARM Console is closed forcefully, is there any impact to WAA & UMA? Answer: There is no adverse impact to WAA & UMA. The Console connection does not affect connection between WAA & UMA. Abbreviation: WebALARM Agent (WAA) Update ...
What does error code FILE_ERR_INVALID_PACKET mean?
Error Code: FILE_ERR_INVALID_PACKET Question: What does error code FILE_ERR_INVALID_PACKET mean? Answer: FILE_ERR_INVALID_PACKET happens when WAA receives an invalid instruction from UMA. This error may be caused by UMA due to sudden disconnection of ...
What is the recommended sequence to restart WAA and UMA processes?
Question: What is the recommended sequence to restart WAA and UMA processes? Answer: On systems with both WAA and UMA installed, please follow the recommended sequence below: 1. Restart WAA process 2. Restart UMA process Abbreviation: WebALARM ...
Does WebALARM requires root privileges to run in Linux environment?
Question: Does WebALARM requires root privileges to run in Linux environment? Answer: Yes. Under UNIX environment, 'root' privilege is required by WebALARM for its operation to access files owned by various owners in the local filesystem. In ...
Can WebALARM detect unintended alteration due to internal operational mistakes?
Question: Can WebALARM detect unintended alteration due to internal operational mistakes? Answer: Yes. Once WebALARM begins monitoring a set of files, it will recover ALL changes done to the files, whether it's unauthorized or accidental. WebALARM ...
What are the default communication ports used by WebALARM components?
Question: What are the default communication ports used by WebALARM components? Answer: 1. WAC ---> WAA TCP port 9999 2. UMC ---> UMA TCP port 9995 3. UMA ---> WAA TCP port 5013, 5033 Abbreviation: WebALARM Agent Console (WAC) ...
Can we restore the system including WebALARM from backup data?
Question: Can we restore the system including WebALARM from backup data? Answer: Yes. WebALARM can be restored from backup data. More information: N/A
Does Agent support Solaris Container? If it is so, is the Agent necessary install to each container?
Question: Does Agent support Solaris Container? If it is so, is the Agent necessary install to each container? Answer: According to Sun. Inc, Solaris Container is supposed to provide a virtual environment for Solaris 8 and 9. So naturally WebALARM ...
Is there a character that cannot be used for the community name of the setting tab of WebALARM Agent Console (WAC) and Update Management Console (UMC)?
Question: Is there a character that cannot be used for the community name of the setting tab of WebALARM Agent Console (WAC) and Update Management Console (UMC)? Answer: We would suggest using alphanumeric characters a-z, A-Z, 0-9. More ...
When we refer from the console, is agent's log output to the xml file? Where is the log before it is written stored if the above-mentioned is correct?
Question: When we refer from the console, is agent's log output to the xml file? Where is the log before it is written stored if the above-mentioned is correct? Answer: The log viewed in Console is stored in memory. There are no files stored. ...
Do Agent and UMA support Red hat Enterprise Linux 64 bit OS?
Question: Do Agent and UMA support Red hat Enterprise Linux 64 bit OS? Answer: WebALARM Agent and UMA support Red hat Enterprise Linux/Linux 64-bit. More information: N/A
Can we allocate the wa.db on NFS(symbolic link)? Does it supported?
Question: Can we allocate the wa.db on NFS(symbolic link)? Does it supported? Answer: Yes, it is supported. More information: N/A
When they log-in to UMA from UMC, WAA under the UMA disconnected. What is this cause? Does UMA reconnect to WAA?
Question: When they log-in to UMA from UMC, WAA under the UMA disconnected. What is this cause? Does UMA reconnect to WAA? Answer: When UMA is disconnected from WAA unexpectedly, by default UMA would retry the connection for up to 5 times with a 1 ...
When new files are updated from Linux UMA to Linux WA, WA's DB updates only added files or all files? I want to know how the DB is updated.
Question: When new files are updated from Linux UMA to Linux WA, WA's DB updates only added files or all files? I want to know how the DB is updated. Answer: The WA's DB would only update the added files' hash value and backup. More information: ...
How can we update WebALARM agent from 3.0 to 3.5 on Solaris8? The customer wants to use config of 3.0.
Question: How can we update WebALARM agent from 3.0 to 3.5 on Solaris8? The customer wants to use config of 3.0. Answer: Please follow the steps below: 1. Backup the following file and directories • wa.cfg • wa.db ...
What situation does agent output the "Recovered manually” message?
Question: What situation does agent output the "Recovered manually” message? Answer: This message would be displayed when manual 'Upload' is stopped and Agent detects that the file detected as modified during 'Upload' has been restored to original ...
When the agent check the file, what kind of hash function does agent use?
Question: When the agent check the file, what kind of hash function does agent use? Answer: SHA-1 More information: N/A
In no-recovery mode, how WA work on the next WA monitoring cycle or when user request monitoring? Does WA send new alert mail and add new logs?
Question: In no-recovery mode, how WA work on the next WA monitoring cycle or when user request monitoring? Does WA send new alert mail and add new logs? Answer: In case of no recovery mode; unauthorized change WA find the change send alert mail, ...
When a customer set the database to 'no-recovery' and every 5 minutes polling, the same file detected repeatedly. Is this behavior normal?
Question: When a customer set the database to 'no-recovery' and every 5 minutes polling, the same file detected repeatedly. Is this behavior normal? Answer: In the case of 'no-recovery', the following behavior is observed after come the next ...
What is the alternative way to fix a corrupted WAA database after being imported?
Symptom: Database is created by using import setting from saved Database (Exclusion Path included). Created Database, then become corrupted after a few minutes. Question: What is the alternative way to fix a corrupted WAA database after being ...
Does UMA 4.3.x able to publish data into WAA 4.2.x ?
Question: Does UMA 4.3.x able to publish data into WAA 4.2.x ? Answer: No, UMA 4.3.x can't connect to WAA 4.2.x. UMA and its target WAA needs to be same version to use whole function of the product. More Information: N/A
Does existing RHEL 32-bit library (glibc & libstdc++) needed to be upgraded while upgrading WAA to a 64-bit environment?
Customer's environment: (e.g) 1. OS for WebALARM Agent (WAA): RHEL 5.5 64-bit 2. Current WAA version: V3.5 3. Upgrade current WAA version to V4.3.1 Question: Does existing RHEL 32-bit library (glibc & libstdc++) needed to be upgraded while upgrading ...
Product's License Files FAQ
Customer's Environment: (e.g) 1. OS for WebALARM Console (WAC) & WebALARM Agent (WAA): Window Server 2008 R2 2. Version of WebALARM (WA): V4.3 Questions and Answers: 1. How to check the location of WA product's license after being installed? Please ...
Where can I check product release information?
Question: Where can I check product release information? Answer: You check the "WebALARM 4 Release Information" from the page below http://www.elock.com.my/homepage/portfolio-ajax/webalarm/#toggle-id-5 More Information: N/A
Tips for linux real time detection setting
Question: We have plan to let WAA monitor tons of files. Any tips for linux real time detection setting? Answer: Can you refer and set following options. 1. max_queued_events - Settings recommendation: 3x max_user_watches +20% buffer e.g. 90,000 is ...
Possible cause of "error saving database"
Question: What is the possible cause of error below? <Log><TM>062908</TM><MT>Error</MT><DB>Contents and DB</DB> <Msg>error saving database. </Msg></Log> Answer: This can be due to the following causes: - insufficient space - no permission - ...
Email alert stored or archived?
Question: After the WebALARM send out all the email alert notifications, where's all the email stored or backup or archived? Where's the directory in WA server to refer? Answer: WebALARM only sends email and never stores any, since it will discarded ...
Possible cause of "copy tampered file error"
Question: What is the possible cause of error below? <Log><TM>063359</TM><MT>Error</MT><DB>Contents and DB</DB> <Msg>/var/www/html/test.php. copy tampered file error (FILE_ERR_SOURCE). </Msg></Log> Answer: This can be due to the following causes: - ...
Possible cause of "file decompression error"
Question: What is the possible cause of error below? <Log><TM>062908</TM><MT>Recovery</MT><DB>Contents and DB</DB> <Msg>/var/www/html/test.site.net/test.php: recovery failure (file decompression error). </Msg> </Log> Answer: The possible causes are ...
Can we use a string containing "/" in "Exclusion"?
Question: Can we use a string containing "/" in "Exclusion"? (eg. "123/456") Answer: No, it is not supported. Exclusion pattern only supports file name. More Information: Please check user manual for exclusion string sample, entry max size and more.
"BEAST attack" for WebALARM
Question: Does WebALARM have the vulnerability of "BEAST attack"? Answer: WebALARM is not vulnerable to BEAST attack, because the attack requires a man-in-the-middle access and WebALARM Agent requires client certification authentication from WAC. ...
Many files detected in log after server rebooted
Question: Many files detected in log after server rebooted. Why and how can I avoid this symptom? Answer: This can be occurred when monitored files are in NFS mounted, due to local file (mount point) and actual NFS file difference. To adjust NFS ...
UMA / UMC Compatibility between v4.1 and v4.3
Questions & Answers: 1. Does UMA ver4.3(.1) compatible with UMC v4.1? No. The UMC has to be upgraded to v4.2 or v4.3 to ensure compatibility. 2. Does UMC ver4.3(.1) compatible with UMA v4.1? No. The UMA has to be upgraded to v4.3 to ensure ...
WAA / WAC Compatibility between v4.1 and v4.3
Questions & Answers: 1. Does WAA ver4.3(.1) compatible with WAC v4.1? No. The WAC has to be upgraded to v4.2 or v4.3 to ensure compatibility. 2. Does WAC ver4.3(.1) compatible with WAA v4.1? No. The WAA has to be upgraded to v4.3 to ensure ...
Next page